[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd.conf for proxy to AD



On Wed, Feb 09, 2011 at 01:20:22AM -0800, Howard Chu wrote:

> Buchan Milne wrote:
> >On Wednesday, 9 February 2011 01:13:38 masarati@aero.polimi.it wrote:

> >>Please note that you're asking OpenLDAP's slapd to bridge
> >>the gap between two broken pieces of code

Very likely, and we are fortunate to have a tool that will fill such
gaps as they occur with depressing regularity in large organisations.

> Sorry but that just doesn't compute. If you have organizational
> security standards that are being audited and they forbid anonymous
> access, then allowing anonymous access to an OpenLDAP proxy that
> connects to AD is going to be equally forbidden.

In some environments the IP address of the client system is considered
to be sufficient authentication. OpenLDAP ACLs can cope with that. AD
ACLs are much less flexible.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------