HP-UX Directory Server 8.1 deployment guide

Allow an organization's administrator to create and manage entries for that organization.
This approach allows an organization's administrators to function as the directory content
managers.
Create roles that give groups of people read or write access privileges.
For example, there can be roles created for human resources, finance, or accounting. Allow
each of these roles to have read access, write access, or both to the data needed by the group.
This could include salary information, government identification numbers, and home phone
numbers and addresses.
For more information about roles and grouping entries, see “Grouping directory entries”.
Multiple individuals may need write access to the same information. For example, an
information systems (IS) or directory management group probably requires write access to
employee passwords, and employees themselves should usually be able to write their own
passwords. Even though several people will generally have write access to the same information,
keep that group small and easy to identify. A small, well-defined set of writers makes data
integrity easier to maintain and makes changes easier to attribute to a person.
For information on setting access control for the directory, see Chapter 8 “Designing a secure
directory”.
2.3.7 Determining data access
After determining data ownership, decide who can read each piece of data. For example,
employees' home phone numbers can be stored in the directory. This data may be useful for a
number of organizations, including the employee's manager and human resources. Employees
should be able to read this information for verification purposes. However, home contact
information can be considered sensitive, so it probably should not be widely available across the
enterprise.
For each piece of information stored in the directory, decide the following:
Can the data be read anonymously?
The LDAP protocol supports anonymous binds, which make it easy to look up common
information such as office sites, email addresses, and business telephone numbers. However,
anonymous access makes that information available to anyone who can reach the directory
over the network, and leaves no record of who the reader was. Consequently, use anonymous
access sparingly.
Can the data be read widely across the enterprise?
Access control can be set so that a client must log in to (bind to) the directory before it can
read specific information. Unlike anonymous access, this form of access control ensures that
only clients holding directory credentials, normally members of the organization, can view the
information. It also records the bound identity in the directory's access log, so there is a record
of who accessed the information.
For more information about access controls, see “Designing access control”.
Is there an identifiable group of people or applications that need to read the data?
Anyone who has write privileges to the data generally also needs read access (with the
exception of write access to passwords). There may also be data specific to a particular
organization or project group. Identifying these access needs helps determine what groups,
roles, and access controls the directory needs.
For information about groups and roles, see Chapter 4 “Designing the directory tree”. For
information about access controls, see “Designing access control”.
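The decisions listed above, together with the role and write-access planning earlier in this section, end up as aci values on the directory tree. The LDIF below is an added example written for this edition; it is not text or configuration from the original guide. It assumes a suffix of dc=example,dc=com, a People organizational unit, and two groups (cn=Human Resources and cn=Directory Management under ou=Groups) that the guide does not define, and it uses the Directory Server ACI syntax (version 3.0 ACIs with targetattr, userdn and groupdn bind rules). The aci values are folded with LDIF continuation lines; each continuation line starts with two spaces so that one space survives after the leading space is stripped.

```ldif
# Added example, not from the guide. Suffix, organizational unit and group
# names are assumptions. Load with ldapmodify, binding as a directory
# administrator. Anything no ACI allows is denied, so homePhone and
# homePostalAddress are hidden from anonymous clients simply by being
# absent from the first ACI.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="cn || sn || mail || telephoneNumber || roomNumber || l")
  (version 3.0; acl "Anonymous read of directory-listing attributes";
  allow (read, search, compare) userdn="ldap:///anyone";)
aci: (targetattr="homePhone || homePostalAddress")
  (version 3.0; acl "Authenticated users may read home contact data";
  allow (read, search, compare) userdn="ldap:///all";)
aci: (targetattr="homePhone || homePostalAddress")
  (version 3.0; acl "HR group maintains home contact data";
  allow (write) groupdn="ldap:///cn=Human Resources,ou=Groups,dc=example,dc=com";)
aci: (targetattr="userPassword")
  (version 3.0; acl "Users may change their own password";
  allow (write) userdn="ldap:///self";)
aci: (targetattr="userPassword")
  (version 3.0; acl "Directory management group may reset passwords";
  allow (write) groupdn="ldap:///cn=Directory Management,ou=Groups,dc=example,dc=com";)
```

The two userPassword ACIs grant write but not read, which is the exception noted above: a user or an administrator can set a password without ever being able to read it. The HR group gets its read access to home contact data through the "all" rule like every other authenticated user, so its own ACI only needs to add write. To bind the same rule to a role instead of a group, replace the groupdn bind rule with roledn="ldap:///cn=...," naming the role entry. After loading the file, a useful check is to run the same search for homePhone twice, once without binding and once bound as an ordinary user, and confirm that only the second returns the attribute.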
Making these decisions for each piece of directory data defines a security policy for the directory.
These decisions depend upon the nature of the site and the kinds of security already available
at the site. For example, a directory behind a firewall with no direct access from the Internet
can support anonymous access with less risk than one placed directly on the Internet. Additionally,
2.3 Performing a site survey 23