======2.3.5 Ensure LDAP client is not installed (Scored)======
=====Profile Applicability=====
Level 1 - Server
Level 1 - Workstation
=====Description=====
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.
=====Rationale=====
If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface.
=====Audit=====
Run the following command to verify ''openldap-clients'' is not installed:
<code>
# rpm -q openldap-clients
package openldap-clients is not installed
</code>
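A scripted form of this audit, as an added example that is not part of the benchmark text. ''rpm -q'' exits non-zero both when the package is absent and when the query itself fails, so the function matches the expected message instead of trusting the exit status alone. ''RPM_CMD'' and ''audit_pkg_absent'' are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: scripted audit for "Ensure LDAP client is not installed".
# RPM_CMD is a hypothetical override so the logic can be exercised with a
# stub on hosts that have no rpm binary.
RPM_CMD="${RPM_CMD:-rpm}"

# Usage: audit_pkg_absent openldap-clients
# Prints PASS, FAIL or ERROR and returns 0, 1 or 2 respectively.
audit_pkg_absent() {
    pkg="$1"
    rc=0
    # LC_ALL=C keeps rpm's message in English so the string match is stable.
    # "|| rc=$?" keeps the function safe under "set -e".
    out=$(LC_ALL=C "$RPM_CMD" -q "$pkg" 2>/dev/null) || rc=$?

    if [ "$rc" -eq 0 ]; then
        # Query succeeded: rpm printed the installed name-version-release.
        echo "FAIL: $out is installed"
        return 1
    fi

    if [ "$out" = "package $pkg is not installed" ]; then
        echo "PASS: $pkg is not installed"
        return 0
    fi

    # Non-zero exit without the expected message: the query itself failed
    # (missing rpm binary, unreadable database), so absence is unproven.
    echo "ERROR: could not query $pkg (exit status $rc)"
    return 2
}
```

Treat an ERROR result as a failed audit rather than a pass, since the package state is unknown.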
=====Remediation=====
Run the following command to uninstall ''openldap-clients'':
<code>
# yum remove openldap-clients
</code>
=====Impact=====
Removing the LDAP client will prevent or inhibit using LDAP for authentication in your environment.