[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Replication - Trust or not to Trust?

To: OpenLDAP software list <openldap-software@OpenLDAP.org>
Subject: Re: OpenLDAP Replication - Trust or not to Trust?
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 26 Oct 2004 09:20:49 +0200
In-reply-to: <6.1.2.0.0.20041025120201.031baba0@127.0.0.1>
References: <20041025174041.65423.qmail@web54301.mail.yahoo.com> <417D4728.60302@symas.com> <B079B09083AAC51D0AD537C6@[10.0.0.1]> <6.1.2.0.0.20041025120201.031baba0@127.0.0.1>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

Kurt D. Zeilenga wrote:
> Again, the question is whether or not the user trusts the
> referral information and, if so, how far.  Does the user
> trust the information enough to connect to referred to server?
> Does the user trust the information enough to enter into an
> authentication exchange with that server?  If so, what kind
> of exchange?  Etc..

I strongly agree!

That's why my web2ldap presents an empty(!) login form to the user when hitting a referral. The user must be made aware that a new connection to a different server is made and that appropriate identity information and crendentials have to be chosen and are revealed to the referred server when pressing the submit button.

For these very reasons I also refused to implement any automagic mechanism at python-ldap's API level.

Ciao, Michael.

References:
- Re: OpenLDAP Replication - Trust or not to Trust?
  - From: Alex Franko <frankoalex@yahoo.com>
- Re: OpenLDAP Replication - Trust or not to Trust?
  - From: Howard Chu <hyc@symas.com>
- Re: OpenLDAP Replication - Trust or not to Trust?
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: OpenLDAP Replication - Trust or not to Trust?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Update: replog not created anymore ...
Next by Date: Re: Update: replog not created anymore ...
Index(es):
- Chronological
- Thread