Subject: svn commit: r1003923 - in /websites/staging/directory/trunk/content: ./ api/user-guide/5-ldap-security.html
Date: Sun, 01 Jan 2017 21:09:57 -0000
Reply-To: dev@directory.apache.org
To: commits@directory.apache.org
From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170101210957.A62C93A0069@svn01-us-west.apache.org> archived-at: Sun, 01 Jan 2017 21:09:59 -0000 Author: buildbot Date: Sun Jan 1 21:09:57 2017 New Revision: 1003923 Log: Staging update by buildbot for directory Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Sun Jan 1 21:09:57 2017 @@ -1 +1 @@ -1776866 +1776874 Modified: websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html ============================================================================== --- websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html (original) +++ websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html Sun Jan 1 21:09:57 2017 @@ -184,11 +184,24 @@ } h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }

5 - LDAP Security

+

LDAP stores critical informations, and that needs to be secured. The Apache LDAP API provides a way to access those data, there is little we can do to protect the access to those data, but we can at least make it impossible for a third party to capture the transiting data.

+

Generally speaking when it comes to securing a system, we are addressing the three As : + Authentication + Authorization +* Auditing

+

The only aspect we will focus on is the Authentication part, because the LDAP protocol does not address the two other aspects, when it comes to an API. We will shortly talk about authorization in the last chapter.

+

An additional aspect is encryption : +- securing the communication between the client and the server +- password hash

+

Last, not least, we have seen that we can bind on a LDAP server using a name and a password, but there are other ways to bind, using SASL. We will also explain how to use certificates in SSL/StartTLS.

Contents
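
Review bot: The two bullet lists in the added introduction do not come out as lists. In the paragraph beginning "Generally speaking", the three As arrive as "+ Authentication + Authorization +* Auditing" inside the paragraph text, with a literal "*" left on the last item, and the encryption paragraph has the same problem with "- securing the communication between the client and the server" and "- password hash" kept as inline dashes. That suggests the list markup in the CMS source was not recognised; separating each list from its lead-in sentence and using one marker consistently for every item should give real list elements in the staged HTML. While this text is being touched, "critical informations" should read "critical information", "a LDAP server" should read "an LDAP server", and "Last, not least" should read "Last but not least". The sentence "there is little we can do to protect the access to those data" would also be clearer if it said that access control is enforced by the server rather than by the API, which is the point the following paragraph on authentication relies on.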