LDAP Bind - Major Security Issue?
Posted on 2011-03-18
We have a server that is hosted outside of our state university network. Currently we use SQL authentication to validate our patron's user accounts (thousands of accounts). To more easily manage accounts we would like to tie into the campus LDAP server. This requires that an LDAP bind be allowed from the server hosted outside our network.
Our campus IT department says this is a security issue and it is not allowed. The organization that hosts the server is OCLC, a worldwide library cooperative that works with thousands of libraries all over the globe. They are world renown, reputable and respected.
I want to fight for this bind to be allowed. So my question is....Is this a security concern if the connection is properly configured and managed?