{"id":20174,"date":"2024-09-11T12:00:26","date_gmt":"2024-09-11T10:00:26","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=20174"},"modified":"2024-08-22T09:33:26","modified_gmt":"2024-08-22T07:33:26","slug":"ldap-adressbuch","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2024\/09\/11\/ldap-adressbuch\/","title":{"rendered":"Security in E-mail Traffic 3: LDAP Address Book"},"content":{"rendered":"<p><div id=\"attachment_20178\" style=\"width: 310px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-20178\" class=\"size-medium wp-image-20178\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/08\/Blog-Layout-4-300x200.png\" alt=\"Isometric hacking password stealing icon with 3d computer key and warning notification vector illustration\" width=\"300\" height=\"200\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/08\/Blog-Layout-4-300x200.png 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/08\/Blog-Layout-4-1024x683.png 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/08\/Blog-Layout-4-768x512.png 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/08\/Blog-Layout-4-1536x1024.png 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/08\/Blog-Layout-4-2048x1365.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><p id=\"caption-attachment-20178\" class=\"wp-caption-text\">Source: <a href=\"https:\/\/de.freepik.com\/vektoren-kostenlos\/isometrisches-hacking-passwort-das-illustration-mit-3d-computerschluessel-und-warnbenachrichtigung-stiehlt_17257181.htm#fromView=search&amp;page=1&amp;position=9&amp;uuid=57e1bbcd-581d-45ab-b596-11565627f050\">Freepik<\/a><\/p><\/div><\/p>\n<p>The LDAP address book (LDAP = Lightweight Directory Access Protocol) is a type of database or directory that an email application queries via a predefined path 
(server name, port, branch\/search base), for example to look up the user certificate that belongs to an email address. If such an LDAP address book is integrated into your own email application, you can send encrypted emails directly, provided the recipients have published their user certificate in the LDAP address book. Not every e-mail has to be sent encrypted, but once the address book is set up you can choose encryption whenever you wish. Read more about the encryption of emails in <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2024\/09\/04\/verschlusselung\/\">part 2<\/a> of the blog series.<\/p>\n<p>&nbsp;<\/p>\n<p><!--more--><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">The LDAP Address Book at RWTH Aachen University<\/span><\/h3>\n<p>RWTH Aachen University has its own <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/81a55cea5f2b416892901cf1736bcfc7\/article\/7be924a5ef2b4e6292fcdbb7027cf813\/\">LDAP server<\/a>, which can be integrated as an LDAP address book to find user certificates. You can find the server at:<\/p>\n<ul>\n<li>Server address: ldappv.rwth-aachen.de<\/li>\n<li>Search base: o=RWTH Aachen University,ou=GEANT\/TCS,dc=rwth-aachen,dc=de<\/li>\n<\/ul>\n<p>In this G\u00c9ANT branch you can search for the e-mail address or surname of the recipient. A maximum of three results will be returned, so a precise search (for example, the entire e-mail address) is advantageous.<\/p>\n<p>The G\u00c9ANT branch can be <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/81a55cea5f2b416892901cf1736bcfc7\/article\/810f18fb4a9a408aa4b70621b014cbd1\/\">integrated<\/a> into common e-mail applications.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">G\u00c9ANT\/TCS vs. DFN-PKI Global<\/span><\/h3>\n<p>At this point, the PKI migration from DFN to G\u00c9ANT\/TCS in August 2023 poses a challenge. 
All valid user certificates of the new <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/81a55cea5f2b416892901cf1736bcfc7\/article\/810f18fb4a9a408aa4b70621b014cbd1\/\">G\u00c9ANT\/TCS PKI<\/a> (available via the RA portal since August 2023) will always be automatically included in ldappv.rwth-aachen.de. All still valid and published user certificates of the old DFN-PKI Global (issued until the end of August 2023 and still valid for up to three years) can be found in the <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/81a55cea5f2b416892901cf1736bcfc7\/article\/4c81bc621b7a4f27a53b941d6352f0bd\/\">LDAP server of the DFN-PKI<\/a>:<\/p>\n<ul>\n<li>Server address: ldap.pca.dfn.de<\/li>\n<li>Search base: ou=DFN-PKI,o=DFN-Verein,c=en<\/li>\n<\/ul>\n<p>This means that if you want to find all users at the RWTH with a published user certificate, you must include both of the above LDAP address books. The fastest search result is obtained by searching for an exact e-mail address.<\/p>\n<p>The advantage of DFN-LDAP is that you can also find certificates from users of other institutions within DFN-Verein and outside RWTH. The DFN-LDAP is also accessible worldwide. The disadvantage, however, was that when applying for your own certificate in the DFN-PKI Global, you could choose whether it would be included in the DFN-LDAP. As a result, it is possible that recipients who have a certificate are still not found in the DFN-LDAP. In such a case, digitally signed e-mails would have to be exchanged first (handshake).<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">What Should I Bear in Mind When Exchanging Encrypted Emails?<\/span><\/h3>\n<p>As with digital signing, your own .p12 file (and therefore your own private key) must never be passed on to third parties. 
If you change computers, remember to reintegrate your .p12 files on the new computer and in the email application.<\/p>\n<p>You must proceed in the same way if you use several computers and want to read encrypted emails on them. You also need to consider whether you want to install your own cryptographic keys on devices such as smartphones, which are easier to steal or lose. It is recommended that you open sensitive emails on your work computer.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">What About Digitally Encrypting Documents?<\/span><\/h3>\n<p>It is also possible to digitally encrypt documents using Microsoft Word or Adobe Acrobat, for example. Please note that there are no instructions for this on IT Center Help yet due to the low demand.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">How Do I Use My User Certificate?<\/span><\/h3>\n<p>We have now reached the end of the \u201cEmail security\u201d blog series. In the following, we will briefly summarize the possible uses of your user certificates:<\/p>\n<ul>\n<li>For sending digitally signed emails<\/li>\n<li>For digitally signing documents<\/li>\n<li>For sending digitally encrypted emails<\/li>\n<li>For receiving digitally encrypted emails<\/li>\n<li>For authentication on web applications (not at RWTH)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/81a55cea5f2b416892901cf1736bcfc7\/article\/53d3c5ee49c24f00adc925ee87f7644d\/\">Applications<\/a> for user certificates at RWTH have been made via the <a href=\"https:\/\/ra-portal.itc.rwth-aachen.de\/\">RA portal<\/a> since mid-August 2023. 
Instructions can be found in our documentation portal <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/81a55cea5f2b416892901cf1736bcfc7\/article\/53d3c5ee49c24f00adc925ee87f7644d\/\">IT Center Help<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>Responsible for the content of this article are <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-CCTCUPK&amp;allou=1&amp;lidx=1\">Mirko Koch<\/a>, <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-JLYS4CA&amp;allou=1&amp;lidx=1\">Bernd Kohler<\/a>, <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-WA9GPG2&amp;allou=1&amp;lidx=1\">Jelena Nikoli\u0107<\/a>, and <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-VJ4LVJ6&amp;allou=1&amp;lidx=1\">Katerina Papachristou<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in 
Deutsch.<\/p>\n","protected":false},"author":5003,"featured_media":20178,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[311,314,315],"tags":[50,503,136,1223,578],"class_list":["post-20174","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fun-facts","category-it-sicherheit","category-services-support","tag-e-mail","tag-e-mails","tag-email","tag-schutz-ldap-adressbuch","tag-verschluesselung"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/20174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/5003"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=20174"}],"version-history":[{"count":4,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/20174\/revisions"}],"predecessor-version":[{"id":20257,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/20174\/revisions\/20257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media\/20178"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=20174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=20174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=20174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}