[Fedora-directory-users] How to control the BIND operation using ACI
Andrey Ivanov
andrey.ivanov at polytechnique.fr
Sun May 11 15:20:03 UTC 2008
If you have a complete control over an application configuration,
anyway you can do anything you want, even use/etc/passwd file instead
of LDAP :)
If you consider however that a bind limitation based on the ACIs could
be a useful feature you can request this feature at the bugzilla of
Fedora Directory Server (bugzilla.redhat.com). I don't know whether
this feature exists in OpenLDAP or Active Directory...
2008/5/11 <murthy at barc.gov.in>:
> Thank you very much for the URLs. This will help me to control users of
> which group can authenticate using ldap and go through proxy. I will
> follow this approach.
>
> > As far as i can see making a quick google search squid can do
> > authorisation using ldap fi> Still there is the case where if the squid proxy server is administered
> by some other people, they can bypass this restriction as instead of
> defining filters for ldap operation, they can simply use BIND operation
> to get authenticated. This can never be controlled at the LDAP server
> level. For that matter this can be used by any application to bypass
> group level control.
More information about the Fedora-directory-users
mailing list