{"id":214,"date":"2015-08-11T16:43:52","date_gmt":"2015-08-11T16:43:52","guid":{"rendered":"http:\/\/ldapcon.org\/2015\/?page_id=214"},"modified":"2015-08-11T16:43:52","modified_gmt":"2015-08-11T16:43:52","slug":"tutorial-use-aciacl-to-move-fast-to-a-stronger-and-safer-directory","status":"publish","type":"page","link":"https:\/\/ldapcon.org\/2015\/tutorials\/tutorial-use-aciacl-to-move-fast-to-a-stronger-and-safer-directory\/","title":{"rendered":"Tutorial: Use ACI\/ACL to move fast to a stronger and safer directory"},"content":{"rendered":"<h1>Tutorial: Use ACI\/ACL to move fast to a stronger and safer directory<\/h1>\n<p><em>Alban Meunier<\/em><\/p>\n<p>SmartWave SA<\/p>\n<h2>Summary<\/h2>\n<p>LDAP directory comes with a set of out of the box security. For any implementation, it&#8217;s required to get the control of who can do what and when. This is the purpose of the ACI.<\/p>\n<p>With the lab, you will discover the power of ACI based on a functional approach. The proposed approach is the same for each use case:<\/p>\n<ul>\n<li>understand<\/li>\n<li>test before ACI<\/li>\n<li>implement ACI<\/li>\n<li>test after ACI<\/li>\n<\/ul>\n<p>The lab will use the following command line tools:<\/p>\n<ul>\n<li>ldapsearch<\/li>\n<li>ldapmodify + LDIF files<\/li>\n<\/ul>\n<p>Lab is built with ForgeRock OpenDJ<\/p>\n<h2>Requirements<\/h2>\n<p>Attendees must have a basic knowledge of LDAP filters<\/p>\n<p>Attendees must bring a laptop with either Windows, OS X, or Linux<\/p>\n<p>JRE or JDK must be installed<\/p>\n<p>OpenDJ2.6.2.zip downloaded but not installed<\/p>\n<p>Internet access is needed to download hand-outs and data set<\/p>\n<h2>Agenda<\/h2>\n<ul>\n<li>Concept of ACI\/ACL<\/li>\n<li>Overview of the syntax elements<\/li>\n<li>Install the environment (5 minutes)\n<ul>\n<li>install a fresh OpenDJ for the LAB<\/li>\n<li>import data set for the lab<\/li>\n<\/ul>\n<\/li>\n<li>What we want to achieve\n<ul>\n<li>security best practices<\/li>\n<li>functional use cases<\/li>\n<\/ul>\n<\/li>\n<li>What is implemented out of the box<\/li>\n<li>Disable unauthenticated access<\/li>\n<li>Administrators<\/li>\n<li>Externals<\/li>\n<li>Internals<\/li>\n<li>Application account<\/li>\n<li>Backup agent<\/li>\n<li>Ldap browsers<\/li>\n<li>No clear text communication<\/li>\n<li>Conclusion<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Tutorial: Use ACI\/ACL to move fast to a stronger and safer directory Alban Meunier SmartWave SA Summary LDAP directory comes with a set of out of the box security. For any implementation, it&#8217;s required to get the control of who&#8230; <a class=\"read-more-button\" href=\"https:\/\/ldapcon.org\/2015\/tutorials\/tutorial-use-aciacl-to-move-fast-to-a-stronger-and-safer-directory\/\">(READ MORE)<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"parent":128,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-without-title.php","meta":{"footnotes":""},"class_list":["post-214","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/comments?post=214"}],"version-history":[{"count":2,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/214\/revisions"}],"predecessor-version":[{"id":216,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/214\/revisions\/216"}],"up":[{"embeddable":true,"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/pages\/128"}],"wp:attachment":[{"href":"https:\/\/ldapcon.org\/2015\/wp-json\/wp\/v2\/media?parent=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}