7.3 Security Considerations

The following security considerations are recommended:

  • Make sure that only authenticated users have browse rights to the tree. To limit this, do the following:

    • Remove browse rights of [Public] on tree root.

    • Assign [Root] browse rights on tree root.

  • Set the ldapBindRestrictions attribute on the LDAP server object to Disallow anonymous Simple Bind. This prevents the clients from doing anonymous binds.

  • By default, the cipher is set to Export. Make LDAP more secure by setting the cipher to HIGH. To do this, change the bind restrictions attribute of the LDAP Server object to Use Higher Cipher (greater than 128 bit).