Safe And Reliable LDAP System

The framework of railway information security degree protection adopt safe and reliable data processing platform, as technological base of information system degree protection's construction. This safe and reliable data processing platform is a system of data processing, transmission and storage, which is supported by trusted computing technology, and is based on identity authentication, access control, audit mechanism and so forth. Under construction of information security degree protection, safe and reliable data processing platform will use PKI system as base of trusted computing technology.The security of railway information system depends on management, and uses it as trusted foundation. This management must guarantee the resource and the function of security elements of railway information system reliable, the elements contain trusted safe technology, product and policy. PKI system can support for above management. Through PKI certificate system, it can provide resource and function authentication for trusted safe mechanism and other security element. Safe and reliable LDAP system can combine with PKI system, and provide technologic support for centralized security management of railway information system.LDAP system support for centralized security management of information system, include unified certificate, identity, resource, security label, access control policy. LDAP protocol is a kind of widely used data storage type, which is mostly used on the business of query frequently on digital certificate storage, DNS server. The LDAP system quickly response to the security management request, resolve problem of data query and synchronous on identity and policy.This paper is based on LDAP protocol and trusted computing technology, and intends to implement safe and reliable LDAP system. Firstly, based on trusted computing theory, I guarantee the whole system is in the relatively safe environment, construct safe LDAP system for data processing platform, and enhance the security of LDAP system.On the other hand, design and achieve the monitor and process system for system resource and obstacle, it means that when found one module failed, the service from this module must migrate to other module, this kind of migration is real-time and automate, it can guarantee the highly availability, support multiple redundant backup, all these make the whole LDAP system safely and efficiently.The result of research indicate that security enhancement and highly availability in LDAP system, which can be used to construct safe trusted LDAP system in trusted safe data processing platform, in order to save the construction's cost of railway information system, and manage the security efficiently.