[unisog] LDAP access for 3rd parties
knightod at appstate.edu
Wed Feb 13 11:37:21 GMT 2008
If you give a 3rd party access to your ldap for the purpose of
authenticating your users then they have access to your user's raw
password. To me this is a serious general controls issue.
We have other methods but are getting complaints from users that want
3rd party applications and their vendor only seems to know ldap. In
part I'm getting a lot of "well, site A, site B,... are all allowing us
to use their ldap service".
Oscar D. Knight knightod at appstate dot edu
ITS Voice: 828-262-6946
Appalachian State University, Boone, NC 28608 FAX: 828-262-2236
More information about the unisog