LDAP service
1. About
The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over a network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications.
2. Systems
2.2 Backend
Always use the frontend DNS record
Never use the backend nodes directly:
- backend may change without notice at any time (e.g. IP addresses, DNS records, configuration, etc.)
- backend has no legacy support or grace periods; changes are implemented instantly
- backend can be rebooted without notice at any time
- backend access will soon be restricted
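As an added example (not part of this page or the service's own tooling), a small check that scans an ldap.conf-style file for URI entries that bypass the frontend record. It assumes ldap.bfh.info is the frontend DNS name and uses a constructed sample config; anything that resolves to an IP literal or a non-frontend hostname is flagged.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: the frontend DNS record clients are supposed to use.
FRONTEND = "ldap.bfh.info"

# Constructed sample ldap.conf; hostnames and addresses are made up.
SAMPLE_CONF = """\
# constructed sample ldap.conf
BASE dc=example,dc=org
URI ldaps://ldap.bfh.info
URI ldap://10.0.0.5 ldaps://ldap-backend-2.example.org:636
"""


def classify_uri(uri, frontend=FRONTEND):
    """Classify one LDAP URI relative to the frontend record."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps", "ldapi"):
        return "unknown-scheme"
    if parts.scheme == "ldapi":
        return "local-socket"          # Unix socket, no network host involved
    host = parts.hostname             # lower-cased, brackets stripped for IPv6
    if host is None:
        return "missing-host"
    try:
        ipaddress.ip_address(host)
        return "backend-ip"           # IP literal: sidesteps DNS entirely
    except ValueError:
        pass
    if host == frontend.lower():
        return "frontend"
    return "backend-host"             # some other name, e.g. a backend node


def check_ldap_conf(text, frontend=FRONTEND):
    """Return (line number, uri, verdict) for every URI not using the frontend."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split(None, 1)  # ldap.conf: "URI <uri> [<uri> ...]"
        if len(fields) < 2 or fields[0].upper() != "URI":
            continue
        for uri in fields[1].split():
            verdict = classify_uri(uri, frontend)
            if verdict != "frontend":
                findings.append((lineno, uri, verdict))
    return findings


if __name__ == "__main__":
    for lineno, uri, verdict in check_ldap_conf(SAMPLE_CONF):
        print(f"line {lineno}: {uri} -> {verdict}")
```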
6. Backlog
Setup
regenerate containers with Debian 12
upgrade to current openldap
compact db regularly via ldap-tools
restricting backend subnet access to frontend and management only
decide about multi-primary vs proxy
Features
reject read-only binds on nodes from external networks, so that users get an immediate failure instead of a permission denied.
create low-privilege nodes holding only a subset of the data (for external access); keep high-privilege information on internal nodes only
anycasting ldap.bfh.info
test environment
benchmarking