The LDAP server should be able to specify different restrictions for the AE-Title list and for the remainder of the configuration information. To facilitate interoperability, Table H.1-15 defines several patterns for access control. They correspond to different assessments of risk for a network environment.
Table H.1-15 LDAP Security Patterns
|Read AE-title|Anonymous, TLS|Anonymous, TLS|Anonymous, Basic|Anonymous, Basic|Anonymous|Anonymous|
TLS: This pattern provides SSL/TLS authentication and encryption between client and server. It requires additional setup during installation because the TLS certificate information needs to be installed onto the client machines and server. Once the certificates are installed, the clients may then perform full updating operations.
This pattern provides SSL/TLS controls for read access to information and requires manual intervention to perform update and creation functions.
Basic: This pattern utilizes the LDAP basic security to gain access to the LDAP database. It requires the installation of a password during client setup. It does not provide encryption protection. Once the password is installed, the client can then perform updates.
This pattern utilizes basic security protection for read access to the configuration information and requires manual intervention to perform update and creation functions.
This pattern permits full read/update access to all machines on the network.
This pattern permits full read access to all machines on the network, but requires manual intervention to perform update and creation.
A client or server implementation may be capable of being configured to support multiple patterns. This should be documented in the conformance claim. The specific configuration in use at a specific site can then be determined at installation time.
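The following added example (not part of the original text) shows one way to check, at installation time, that an LDAP server behaves as its declared pattern requires. It assumes probe results collected by the site. The operation names, the probe tuple format, and the labels for the four patterns that the text above describes without naming are choices made for this example.

```python
# Added example: compare observed LDAP access decisions with a declared pattern.
# Each pattern maps to accepted session types for
# (read AE-Title list, read other configuration, update/create).
# An empty set means "manual intervention only": no client may update.
# Labels other than "TLS" and "Basic" are labels chosen for this example.
PATTERNS = {
    "TLS":              ({"anonymous", "tls"},   {"tls"},       {"tls"}),
    "TLS-Manual":       ({"anonymous", "tls"},   {"tls"},       set()),
    "Basic":            ({"anonymous", "basic"}, {"basic"},     {"basic"}),
    "Basic-Manual":     ({"anonymous", "basic"}, {"basic"},     set()),
    "Anonymous":        ({"anonymous"},          {"anonymous"}, {"anonymous"}),
    "Anonymous-Manual": ({"anonymous"},          {"anonymous"}, set()),
}
OPS = ("read_ae_title", "read_other", "update")


def expected(pattern, op, session):
    """True if the pattern lets this session type perform this operation."""
    accepted = PATTERNS[pattern][OPS.index(op)]
    # Assumption: where anonymous access is accepted, any session is accepted.
    return "anonymous" in accepted or session in accepted


def audit(pattern, probes):
    """probes: iterable of (op, session, server_permitted) observations."""
    findings = []
    for op, session, permitted in probes:
        want = expected(pattern, op, session)
        if permitted and not want:
            findings.append(("over-permissive", op, session))
        elif want and not permitted:
            findings.append(("over-restrictive", op, session))
    return findings


# Constructed probe results for a site whose conformance claim says TLS-Manual.
SAMPLE_PROBES = [
    ("read_ae_title", "anonymous", True),   # AE-Title list is readable by anyone
    ("read_other",    "anonymous", True),   # other configuration leaked without TLS
    ("read_other",    "tls",       True),
    ("update",        "tls",       True),   # update should need manual intervention
    ("update",        "anonymous", False),
]

if __name__ == "__main__":
    for finding in audit("TLS-Manual", SAMPLE_PROBES):
        print(finding)
```
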