LDAP

Authentication and authorization using LDAP (Lightweight Directory Access Protocol)

In order to use LDAP, you must have completed a security audit by the IT security team. If you need a security audit, please email sicherheitsmanagement@uni-konstanz.de.

Advantages

The LDAP service provides basic authentication data, such as a user's name and popID, to authorized clients via an LDAP interface. It can also store all authorization attributes an application requires.

Service accounts are only granted read access to browse LDAP. Before an account is issued, the scope of these rights is defined to match the application's specific requirements.
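The following is an added example, not code from the KIM page or the university's own tooling. It sketches what a client holding a read-only service account does with that access: it looks up one user by login and asks only for the attributes the application needs (name and popID). Because the login comes from the application's user, the example also shows why the value must be escaped before it is embedded in the search filter, following the RFC 4515 escaping rules. The attribute names `uid` and `cn`, the base DN, the directory entries and the popID values are all constructed for the example and do not describe the real directory; no network connection is made.

```python
"""Read-only user lookup for an LDAP service account (added example, stdlib only)."""
import re

# RFC 4515: these characters must be hex-escaped when they appear inside a
# filter assertion value, otherwise they change the meaning of the filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so the filter matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(login: str) -> str:
    """Filter selecting exactly one person by login (uid is an assumed attribute name)."""
    return f"(&(objectClass=person)(uid={escape_filter_value(login)}))"


def search_request(login: str) -> dict:
    """The read-only search a service account would issue: base DN, scope, filter
    and an attribute list limited to what the application actually needs."""
    return {
        "base": "ou=people,dc=example,dc=org",  # placeholder base DN, not the real one
        "scope": "subtree",
        "filter": user_lookup_filter(login),
        "attributes": ["cn", "popID"],
    }


def assertion_matches(assertion: str, actual: str) -> bool:
    """Evaluate one filter assertion value the way a directory server would:
    an unescaped '*' is a wildcard, '\\XX' hex escapes stand for literal characters."""
    pattern = ""
    i = 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and i + 2 < len(assertion):
            pattern += re.escape(chr(int(assertion[i + 1:i + 3], 16)))
            i += 3
        elif ch == "*":
            pattern += ".*"
            i += 1
        else:
            pattern += re.escape(ch)
            i += 1
    return re.fullmatch(pattern, actual, flags=re.IGNORECASE) is not None


# Constructed sample entries standing in for the directory; not real people or IDs.
DIRECTORY = [
    {"uid": "mmuster", "cn": "Max Muster", "popID": "1000001"},
    {"uid": "efrau", "cn": "Erika Frau", "popID": "1000002"},
]


def lookup_popids(login: str, escape: bool = True) -> list:
    """Return the popIDs matching a login. With escape=False the raw login is
    spliced into the filter, which lets a '*' match every entry; with escape=True
    only a user whose uid is literally the given string matches."""
    value = escape_filter_value(login) if escape else login
    return [entry["popID"] for entry in DIRECTORY if assertion_matches(value, entry["uid"])]


if __name__ == "__main__":
    print(search_request("mmuster")["filter"])
    print("unescaped '*':", lookup_popids("*", escape=False))
    print("escaped   '*':", lookup_popids("*"))
```

The point for the application and testing process described on this page is that a read-only service account limits what the directory hands out, but the application still decides which filter it sends; keeping the attribute list minimal and escaping every externally supplied value keeps the query to the one record it was meant to read.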

Access and requirements

In order to avoid misuse and to ensure the respective data is protected, access to the central LDAP servers is only permitted after completing an application and testing process.

In the case of web applications, applicants must explain why Shibboleth cannot or should not be used for user authentication.

An LDAP service account is required for applications that need to read attributes provided by LDAP. Such accounts are reserved for services operated under the administrative supervision of the Communication, Information, Media Centre (KIM).

Using the test system, applicants must document that access works without error and matches the technical details stated in the application.

Once testing is complete, the central IT security team must be asked for its approval. To this end, please provide the team with the information available from the service provider as well as the test results.