Arief Yudhawarman

Still learning to blog

Archive for November 2017

LDAP Tutorial (2)

Security Policy

We are going to build an Access Control Policy (ACP a.k.a. ACL) based on Corporate Policy which states:

  1. The directory entry owner is able to see and update ALL the directory attributes including passwords.
  2. Human Resources must be able to update ANY entry but must not be able to read or write the user's password.
  3. The directory entries carlicense, homepostaladdress and homephone must not be readable by anyone except Human Resources and the owner of the directory entry.
  4. All users must authenticate (anonymous access is not allowed).
  5. The IT department must be able to update or change the password entry on ALL directory entries.

Whatever your opinion of the above policy, we have to provide the access controls to implement it. The first thing we have to do is create two groups, one for hrpeople and one for itpeople, so that we can assign group permissions. We will locate these groups in a groups branch under the DIT root. The diagram below shows our new structure.
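
One way to express the five policy points as OpenLDAP `slapd.conf` access directives (an added example, not taken from the original post). The suffix `dc=example,dc=com`, the `ou=groups` branch name and the use of `groupOfNames` entries for hrpeople and itpeople are assumptions; the attribute names are spelled as the inetOrgPerson schema defines them.

```conf
# Added example: slapd.conf ACLs for the five policy points.
# Assumed: suffix dc=example,dc=com, groups under ou=groups,
# both groups are groupOfNames entries (members listed in "member").
#
# slapd uses the first "access to" clause that matches the target and,
# inside it, the first "by" clause that matches the requester, so the
# attribute-specific rules must come before the catch-all rule.

# Points 1, 2 and 5: the password.
# Owner and IT may write it. HR is not listed, so HR falls through to
# "by * none" here even though HR can write everything else.
# "auth" only lets an unauthenticated client bind against the value;
# it grants no read or search access.
access to attrs=userPassword
    by self write
    by group.exact="cn=itpeople,ou=groups,dc=example,dc=com" write
    by anonymous auth
    by * none

# Point 3: private attributes, visible to the owner and HR only.
# IT members and ordinary authenticated users stop at "by * none".
access to attrs=carLicense,homePostalAddress,homePhone
    by self write
    by group.exact="cn=hrpeople,ou=groups,dc=example,dc=com" write
    by * none

# Points 1, 2 and 4: everything else.
# Owner and HR may update, any authenticated user may read, and
# anonymous clients get only what is needed to complete a bind.
access to *
    by self write
    by group.exact="cn=hrpeople,ou=groups,dc=example,dc=com" write
    by users read
    by anonymous auth
    by * none
```

In OpenLDAP the `write` level includes read, so IT members can also read the stored password value under these rules. The effective access for a given identity and attribute can be checked with OpenLDAP's `slapacl` tool before the rules go live.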


Written by awarmanf

November 1, 2017 at 2:59 am

Posted in LDAP, Linux, perl
