12,855 research outputs found

    Internet X.509 Public Key Infrastructure Operational Protocols -- LDAPv3

    This document describes the features of the Lightweight Directory Access Protocol v3 that are needed in order to support a public key infrastructure based on X.509 certificates and CRLs

    Samba Openldap: An Evolution And Insight

    Directory services facilitate access to information organized under a variety of frameworks and applications. The Lightweight Directory Access Protocol is a promising technology that provides access to directory information using a data structure similar to that of the X.500 protocol. IBM Tivoli, Novell, Sun, Oracle, Microsoft, and many other vendors feature LDAP-based implementations. The technology’s increasing popularity is due both to its flexibility and its compatibility with existing applications. A directory service is a searchable database repository that lets authorized users and services find information related to people, computers, network devices, and applications. Given the increasing need for information — particularly over the Internet — directory popularity has grown over the last decade and is now a common choice for distributed applications. Lightweight Directory Access Protocol (LDAP) accommodates the need of high level of security, single sign-on, and centralized user management. This protocol offers security services and integrated directory with capability of storage management user information in a directory. Therefore at the same time the user can determine application, service, server to be accessed, and user privileges. It is necessary to realize files sharing between different operating systems in local area network. Samba software package, as the bridge across Windows and Linux, can help us resolve the problem. In this paper, we try to explore previous literature on this topic and also consider current authors' work then come out with our views on the subject matter of discussion based on our understanding

    Identity Management in University System

    The Identity Management became to be a real and important problem for distributed environments. First of all the access to distributed resources, the distributed communication, virtual workspaces, virtual repositories influence in developing this field of security. How this all started? How this can be implemented? How this can be maintained in a distributed environment? Lightweight Directory Access Protocol, Identity Management

    Identity and Access Management System: a Web-Based Approach for an Enterprise

    Managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing today. An attempt to address this issue led to the proposed security paradigm called Identity and Access Management (IAM) service based on IAM standards. Current approaches such as Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS) and Security Assertion Markup Language (SAML) lack comprehensive analysis from conception to physical implementation to incorporate these solutions thereby resulting in impractical and fractured solutions. In this paper, we have implemented Identity and Access Management System (IAMSys) using the Lightweight Directory Access Protocol (LDAP) which focuses on authentication, authorization, administration of identities and audit reporting. Its primary concern is verification of the identity of the entity and granting correct level of access for resources which are protected in either the cloud environment or on-premise systems. A phased approach methodology was used in the research where it requires any enterprise or organization willing to adopt this must carry out a careful planning and demonstrated a good understanding of the technologies involved. The results of the experimental evaluation indicated that the average rating score is 72.0 % for the participants involved in this study. This implies that the idea of IAMSys is a way to mitigating security challenges associated with authentication, authorization, data protection and accountability if properly deployed

    Software for Replicating Data Between X.500 and LDAP Directories

    X500/LDAP Directory Replication Utility is a computer program for replicating information between X.500 and LDAP directories. [X.500 is an international standard for on-line directory services. LDAP (Lightweight Directory Access Protocol) is a simple directory access protocol.] The utility can be used to replicate an object of any type from X.500 to LDAP or from LDAP to X.500. The program uses the LDAP version 2 protocol, which is capable of working with both X.500 and LDAP directories. The program can provide any or all of the following services: (1) replicate only modified objects; (2) force replication of all objects; (3) replicate individual objects, one level of objects, or a subtree of objects; (4) filter sets of objects to select ones to be replicated; (5) remove and/or modify object classes from objects that are replicated; and (6) select and/or limit attributes that are replicated. The program includes a separate program that is used to remove objects that are no longer required to be replicated

    Systematic Literature Review on the LDAP Protocol As a Centralized Mechanism for the Authentication of Users in Multiple Systems

    The protocol LDAP (Lightweight Directory Access Protocol) allows centralized identity authentication, where the information of the directory is faster and easier to read. This article carries out a systematic literature review (SLR) according to what is proposed in the article by Bárbara Kitchenham [1], aimed to identify different methods for users’ authentication in multiple systems using LDAP protocol, an analysis of criteria is carried out about different studies published in five digital libraries (Scopus, IEEEXplorer, Scientific.net, Google Scholar, DBLP), and two academic magazines (Revista Energía of UNL, Revista Científica of UTB), making relevant conclusions of the use of four mechanisms for the authentication of users of multiple systems such as: Language PHP, SSO (Single sign-on), IAM (Identity and Access Management), and T-RBAC (Access control based on roles and tasks), predominantly the use of the PHP language for its administrative tools for managing LDAP servers.     Keywords: LDAP, authentication, user management, systematic literature review, securit

    Access Control Design and Implementations in the ATLAS Experiment

    The ATLAS experiment operates with a significant number of hardware and software resources. Their protection against misuse is an essential task to ensure a safe and optimal operation. To achieve this goal, the Role Based Access Control (RBAC) model has been chosen for its scalability, flexibility, ease of administration and usability from the lowest operating system level to the highest software application level. This paper presents the overall design of RBAC implementation in the ATLAS experiment and the enforcement solutions in different areas such as the system administration, control room desktops and the data acquisition software. The users and the roles are centrally managed using a directory service based on Lightweight Directory Access Protocol which is kept in synchronization with the human resources and IT data

    A Secure Mobile Cloud Identity: Criteria for Effective Identity and Access Management Standards

    Managing digital identities and access control for cloud users and applications remains one of the greatest challenges facing cloud computing today. This led to a new cloud security service paradigm called identity and access management (IAM) service, IDentity-as-a-Service (IDaaS). Many IAM standards have been proposed in the last two decades: Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS), OZ Protocol, Security Assertion Markup Language (SAML), CoSign Protocol, Open Authentication (OAuth), and OpenID Connect (OIDC). However, Mobile Cloud Computing (MCC) IAM requirements are somewhat different due to its resource limitations and mobile communication. It may not be necessary that the same IAM standards are equally effective for MCC. To determine the appropriateness of these IAM standards for MCC requires some IAM performance evaluation criteria. Therefore, this paper proposes several evaluation criteria for an effective IAM standard for MCC

    Connection-less Lightweight X.500 Directory Access Protocol


    Detection of Lightweight Directory Access Protocol Query Injection Attacks in Web Applications

    The Lightweight Directory Access Protocol (LDAP) is a common protocol used in organizations for Directory Service. LDAP is popular because of its features such as representation of data objects in hierarchical form, being open source and relying on TCP/IP, which is necessary for Internet access. However, with LDAP being used in a large number of web applications, different types of LDAP injection attacks are becoming common. The idea behind LDAP injection attacks is to take advantage of an application not validating inputs before being used as part of LDAP queries. An attacker can provide inputs that may result in alteration of intended LDAP query structure. LDAP injection attacks can lead to various types of security breaches including (i) Login Bypass, (ii) Information Disclosure, (iii) Privilege Escalation, and (iv) Information Alteration. Despite many research efforts focused on traditional SQL Injection attacks, most of the proposed techniques cannot be suitably applied for mitigating LDAP injection attacks due to syntactic and semantic differences between LDAP and SQL queries. Many implemented web applications remain vulnerable to LDAP injection attacks. In particular, there has been little attention for testing web applications to detect the presence of LDAP query injection attacks. The aim of this thesis is twofold: First, study various types of LDAP injection attacks and vulnerabilities reported in the literature. The planned research is to critically examine and evaluate existing injection mitigation techniques using a set of open source applications reported to be vulnerable to LDAP query injection attacks. Second, propose an approach to detect LDAP injection attacks by generating test cases when developing secure web applications. In particular, the thesis focuses on specifying signatures for detecting LDAP injection attack types using Object Constraint Language (OCL) and evaluates the proposed approach using PHP web applications. We also measure the effectiveness of generated test cases using a metric named Mutation Score