Security Meets LDAP Multi-Master Replication

Thomas Bauereiß, Dieter Hutter, Stefan Gohmann, Alexander Kläser

In: ANTONIO MUÑOZ, ERNESTO DAMIANI (editors). Third ASE International Conference on Cyber Security. International Workshop on Cloud Security (IWOCS-2014), located at Third ASE International Conference on Cyber Security, May 27-31, Stanford, CA, United States. ASE Open Scientific Digital Library, 6/2014.


With the easy availability of cloud computing, many companies started to distribute their computational needs across mixed-cloud infrastructures, only to realize the security risks involved in the light of recent disclosures. To maintain identity management and to ease the administration of IT infrastructure, LDAP directory services are widely used to store and manage information about the assets of organizations. However, distributing an LDAP directory that includes sensitive information to partially trusted cloud servers constitutes a major security risk. In this paper, we present an LDAP replication mechanism that allows for a fine-grained selection of parts of an LDAP directory tree to be replicated to other servers using content-based filters, while maintaining the availability and performance advantages of a full multi-master replication.

German Research Center for Artificial Intelligence
Deutsches Forschungszentrum für Künstliche Intelligenz