[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Configuration Files. Was Re: Newbie with a base suffix searching problem
My thoughts on this are that a person should _not_ have to duplicate data
into a new place every time he/she installs a new LDAP-aware program. On
the other hand, I can see the problem with a slew of applications keeping
their application-specific data in a single file shared will all the other
applications. That being said, perhaps pam_ldap and nss_ldap should split
of their application-specific data to another file, however I think
ldap.conf also needs to be expanded to include a few more attibutes that
are dependant on the directory, not the application... LDAP-aware
applications should get basic LDAP configration information from it.
scope one|sub|base The default search scope
crypt md5|sha|des|none applications should be told the preferred
password encryption logarithm for the server.
Perhaps something should be added to the LDAP API to abstract the physical
location of this data.
> It would be pretty easy to implement acl's which used UID information
> fetched with RFC1423 (pidentd())...
That would be a neet feature, although I'd still want a tight
authentication scheme for the really sensitive stuff. Would it be trivial
to expand the LDAP ACL's to who you are _and_ how you authenticated?
-- Greg
PS. Where can I find documentation on the group acl syntax? I've looked
around but failed to come up with anything.
<a href="mailto:greg@rage.net">|\/\/| Greg Retkowski |\/\/|</a><br>
<a href="http://www.rage.net/">|/\/\|"Save the Factories"|/\/\|</a><br>