Category Archives: LDAP

The Lightweight Directory Access Protocol is a small, fast TCP/IP protocol used for exchanging data with a Directory Server.

LDAP: Hardening Server Security (so administrators can sleep at night)

Client Connections: Limit the total number of concurrent sessions to the server and limit the number of concurrent sessions per client. Set size-limit, lookthrough-limit, and time-limit per client appropriate to client requirements (be aware of the server’s default settings, often …

Posted in computing, LDAP, UnboundID

LDAP: Client Connection Policies

Introduction: A Client Connection Policy controls the portions of the DIT a client can access and the resource limits on what clients can do with data stored on the server. Clients are subject to one Client Connection Policy at a given …

Posted in computing, LDAP, UnboundID

LDAP: Administrative users

Introduction: In an UnboundID LDAP directory server, the “Root DN” (root user) accounts have an extensive set of privileges in the default distribution of the server products; therefore the root DN account(s) should not be used in normal operation except …

Posted in computing, LDAP, UnboundID

LDAP: The MultiUpdateExtendedRequest

The UnboundID Directory Server supports an extended request called the MultiUpdateExtendedRequest. This extended request packages multiple updates in a single request and provides control over the behavior of the server when errors arise during the processing of the extended request. …

Posted in Java, LDAP, UnboundID, UnboundID LDAP SDK

ldapmodify: be careful with attribute options

Clients must include the attribute options when using an attribute name following a mod-spec. Consider the following LDIF:

    # wrong
    dn: cn=test,c=us
    changetype: modify
    replace: your-attribute-name
    your-attribute-name;binary: binary-stuff

your-attribute-name must contain the option (binary in this case). Here is the …

Posted in computing, LDAP