For the security of LDAP operations that process requests for directory information, you need to consider the following:
How clients identify themselves to access information. Identification is determined by the credential level that you specify for the clients. The credential level is set with the credentialLevel attribute, to which you can assign one of the following values:
anonymous
proxy
proxy anonymous
self
For detailed descriptions of each of these values, see Client Credential Levels.
The method of authenticating the client. The method is set with the authenticationMethod attribute, to which you can assign one of the following options:
none
simple
sasl/digest-MD5
sasl/cram-MD5
sasl/GSSAPI
tls:simple
tls:sasl/cram-MD5
tls:sasl/digest-MD5
For detailed descriptions of each of these values, see Authentication Methods for the LDAP Naming Service.
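The following added example, which is not part of the Oracle documentation, shows one way to check a planned client profile against the two value lists above before deployment. The function name, the sample profiles, the semicolon-separated method list, and the rule that flags none paired with proxy or self are assumptions of this example.

```python
# Added example (not Oracle code): audit one client profile's security attributes.
CREDENTIAL_LEVELS = {"anonymous", "proxy", "proxy anonymous", "self"}
AUTH_METHODS = {
    "none", "simple", "sasl/digest-md5", "sasl/cram-md5", "sasl/gssapi",
    "tls:simple", "tls:sasl/cram-md5", "tls:sasl/digest-md5",
}

def audit_profile(credential_level, authentication_method):
    """Return findings for one profile; an empty list means nothing was flagged."""
    findings = []
    # Assumption: values are compared case-insensitively, whitespace collapsed.
    level = " ".join(credential_level.lower().split())
    if level not in CREDENTIAL_LEVELS:
        findings.append(f"credentialLevel: unknown value {credential_level!r}")
    # Assumption: several methods may be listed, separated by semicolons.
    methods = [m.strip().lower() for m in authentication_method.split(";") if m.strip()]
    if not methods:
        findings.append("authenticationMethod: no value set")
    for method in methods:
        if method not in AUTH_METHODS:
            findings.append(f"authenticationMethod: unknown value {method!r}")
        elif method == "simple":
            # A simple bind outside TLS puts the bind password on the wire in clear text.
            findings.append("authenticationMethod: 'simple' sends the password "
                            "unencrypted; prefer 'tls:simple'")
        elif method == "none" and level in ("proxy", "self"):
            # Policy assumption of this example: an identity-bearing level
            # should not be paired with a method that performs no authentication.
            findings.append(f"authenticationMethod: 'none' performs no authentication "
                            f"but credentialLevel is {level!r}")
    return findings

# Constructed sample profiles: (name, credentialLevel, authenticationMethod).
SAMPLE_PROFILES = [
    ("hardened", "proxy", "tls:simple"),
    ("legacy", "proxy", "simple"),
    ("fallback", "proxy anonymous", "sasl/digest-MD5;tls:simple"),
    ("typo", "proxy", "tls:simpel"),
]

if __name__ == "__main__":
    for name, level, method in SAMPLE_PROFILES:
        for finding in audit_profile(level, method) or ["ok"]:
            print(f"{name}: {finding}")
```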
In addition to the credential level to assign to clients and the authentication method to use, you should also consider the following:
Whether to use Kerberos and per-user authentication
The value to specify for the servers' passwordStorageScheme attribute
The setup of access control information (ACIs)
For more information about ACIs, consult the Administration Guide for the version of Oracle Directory Server Enterprise Edition that you are using.
Whether to use the pam_unix_* or pam_ldap module to perform LDAP account management
This consideration is related to whether the LDAP naming service is compatible with NIS.