Building a modern LDAP-based security framework, presented at AusCERT 2007

by Andrea Barisani

Summary: Workshop: Building a modern LDAP-based security framework
Duration: 3.5 hours
The audience will be introduced to the general architecture of LDAP and its advanced usage in UNIX environments as a tool for improving account and authorization security via central management.
The LDAP protocol and its related frameworks are valuable and powerful tools for user and authorization management in UNIX environments. This tutorial will show how to integrate such technology using the latest available tools for completely centralized management of UNIX accounts.
We will show how it is possible to grant, restrict and control user authorization in a scalable and efficient way in multi-server environments without any post-installation interaction on the LDAP-aware servers, centralizing all the management tasks and access control. The objective is to provide a clean, secure and flexible access control system, including SSH public key management and Sudo profile management via LDAP.
The workshop will focus on a secure implementation of the framework, clearly illustrating how LDAP can improve infrastructure security and showing the common mistakes to avoid that could instead open up security holes.
LDAP failover problems in production environments will also be a central topic of the presentation.
The tutorial session will focus on the OpenLDAP implementation on GNU/Linux systems. Other covered applications are pam_ldap / nss_ldap / openssh-lpk / sudo / perl-ldap / PAM.
Prerequisite Skills
basic command line proficiency on *NIX systems
basic Linux/*NIX system administration skills
familiarity with Makefiles / autoconf usage and package compilation and installation
Speaker Profile