Educause Security Discussion
mailing list archives
Re: a question about having College ID number as part of directory information
From: "pmorley () mcdaniel edu" <pmorley () MCDANIEL EDU>
Date: Thu, 7 Nov 2013 14:11:52 +0000
We had similar concerns, and when Microsoft AD was implemented here Microsoft told us that don't store
anything that is sensitive in AD......
We mitigated this by extending our schema with custom attributes that are marked as "private" and are
secured by a special security group only certain things can query on these attributes.
This is the only way that is supported and that appears to be relatively secure.
To do this, you must apply for a site specific OID and use that OID to extend your schema.
Data Center Administrator | Information Technology
2 College Hill
Westminster, MD 21157
* Office: (410) 857-2540
* E-mail: pmorley () mcdaniel edu<mailto:pmorley () mcdaniel edu>
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roy
Sent: Thursday, November 07, 2013 8:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] a question about having College ID number as part of directory information
This may have been addressed before but I am being asked if providing a college ID number on our LDAP and other
directory services is a security risk.
I'm feeling that it isn't but I'm press to put a statement behind it that will put people at ease.
Director Technology Infrastructure
Library and Information Systems
26 E. Main Street
Norton, MA 02766
Galang_Roy () WheatonCollege edu<mailto:Galang_Roy () WheatonCollege edu>