[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Replication - Trust or not to Trust?

Kurt D. Zeilenga wrote:
> Again, the question is whether or not the user trusts the
> referral information and, if so, how far.  Does the user
> trust the information enough to connect to referred to server?
> Does the user trust the information enough to enter into an
> authentication exchange with that server?  If so, what kind
> of exchange?  Etc..

I strongly agree!

That's why my web2ldap presents an empty(!) login form to the user when hitting a referral. The user must be made aware that a new connection to a different server is made and that appropriate identity information and crendentials have to be chosen and are revealed to the referred server when pressing the submit button.

For these very reasons I also refused to implement any automagic mechanism at python-ldap's API level.

Ciao, Michael.