[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: rewrite a login into a dn in simple bind

To: "'Quanah Gibson-Mount'" <quanah@stanford.edu>, "'Dieter Kluenter'" <dieter@dkluenter.de>, <openldap-software@OpenLDAP.org>
Subject: RE: rewrite a login into a dn in simple bind
From: "Howard Chu" <hyc@highlandsun.com>
Date: Fri, 10 Oct 2003 00:14:38 -0700
Importance: Normal
In-reply-to: <502668258.1065742916@cadabra-dsl.stanford.edu>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Quanah
Gibson-Mount

> Hm, to be more specific, I know you can replicate a subtree
> in 2.1... I'm
> think more, you can't limit to specific attributes in a
> subtree -- Like
> just uid, which is what he wants, out of an unknown number of
> attributes.
> Our account tree has many, including uid.  So, with 2.2, it
> is possible to
> replicate just particular attributes of a given tree to a replica. :)

Are you forgetting the "attr" option in the 2.1 replica clause?

And to tie this back to the original question - you can certainly point your
clients at a back-ldap that has been configured with the info it needs to
bind to the real directory. Of course, if the back-ldap allows anonymous
clients to query it, this isn't any more secure than before. It's even worse,
actually, and your traffic is still in the clear instead of encrypted...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: rewrite a login into a dn in simple bind
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- Re: rewrite a login into a dn in simple bind
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: back-bdb cachesize and DB_CONFIG set_cachesize
Next by Date: RE: rewrite a login into a dn in simple bind
Index(es):
- Chronological
- Thread