Directory servers are high-value targets because they hold identities and authentication metadata.

## LDAP Hardening

- Require LDAPS or StartTLS for all client binds.
- Disable anonymous bind unless explicitly required.
- Restrict bind DN privileges with least-privilege ACLs.

## Replication and Admin Security

- Protect replication channels with TLS and strong authentication.
- Restrict admin console access to management networks.
- Audit schema and ACL changes.
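
The three LDAP Hardening items above can be checked mechanically against a server's configuration export. The following is an added example, not part of the original page: it assumes OpenLDAP (the page names no product) and its `cn=config` attributes `olcSecurity`, `olcDisallows` and `olcAccess`. The LDIF is a constructed sample, and only the global `olcSecurity` setting is inspected.

```python
import re

# Constructed sample: excerpt of an OpenLDAP cn=config export, not a real server.
SAMPLE_LDIF = """\
dn: cn=config
olcDisallows: bind_anon

dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth
  by * none
olcAccess: {1}to * by dn.exact="cn=app,ou=svc,dc=example,dc=org" write
  by users write by * read
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute -> list of values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]  # RFC 2849 folding: drop one leading space
        elif not line.startswith("#"):
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:
        if line.strip():
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
        elif current:  # a blank line ends the entry
            entries.append(current)
            current = {}
    return entries

def audit(entries):
    """Check the global TLS minimum, anonymous bind, and broad write ACLs."""
    findings = []
    glob = next((e for e in entries if e.get("dn") == ["cn=config"]), {})
    # Assumption: a nonzero ssf/tls/simple_bind value counts as "TLS enforced".
    if not re.search(r"\b(ssf|tls|simple_bind)=[1-9]\d*", " ".join(glob.get("olcsecurity", []))):
        findings.append("cn=config: no olcSecurity minimum, TLS not enforced for binds")
    if "bind_anon" not in " ".join(glob.get("olcdisallows", [])).split():
        findings.append("cn=config: anonymous bind is not disallowed")
    for entry in entries:
        for rule in entry.get("olcaccess", []):
            for who, level in re.findall(r"\bby\s+(\S+)\s+(\w+)", rule):
                if who in ("*", "users", "anonymous") and level in ("write", "manage"):
                    findings.append(f"{entry['dn'][0]}: '{who}' granted {level}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_ldif(SAMPLE_LDIF))))
```

On the sample it reports the missing `olcSecurity` minimum and the `by users write` clause; base64-encoded (`attr::`) values and per-database `olcSecurity` overrides are not handled.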