DSML Security

The DSML front end constitutes a restricted HTTP server; it accepts only DSML post operations, it rejects requests that do not conform to the DSMLv2 SOAP binding specifications.

The security of DSML is configured by the following server properties dsml-client-auth-mode, dsml-port, dsml-secure-port, and dsml-relative-root-url. For information about these properties, see server(5dsconf).

For additional security, consider the following.

Protect DSML-enabled directory servers by implementing a firewall.
If you do not impose the use of HTTP over SSL on your clients, implement a demilitarized zone.

Previous: Implementation of the DSMLv2 Standard
Next: DSML Identity Mapping