Directory Server provides security through a combination of the following methods:
Authentication is a means for one party to verify another’s identity. For example, a client gives a password to Directory Server during an LDAP bind operation. Policies define the criteria that a password must satisfy to be considered valid, for example, age, length, and syntax. Directory Server supports anonymous authentication, password-based authentication, certificate-based authentication, SASL-based authentication, and proxy authentication. When authentication is denied, Directory Server provides the following mechanisms to protect data: account inactivation and global lockout. For information about authentication, see How Directory Server Provides Authentication.
Encryption protects the privacy of information. When data is encrypted, the data is scrambled in a way that only a legitimate recipient can decode. Directory Server supports SSL encryption and attribute encryption. For information about encryption, see How Directory Server Provides Encryption.
Access control tailors the access rights granted to different directory users, and provides a means of specifying required credentials or bind attributes. For information about access control , see How Directory Server Provides Access Control.
Auditing determines whether the security of a directory has been compromised. For example, log files maintained by a directory can be audited. For information about log files, see Chapter 10, Directory Server Logging.