If you have complete control over an application configuration, you can do anything you want anyway, even use the /etc/passwd file instead of LDAP :)

If you consider, however, that a bind limitation based on the ACIs could be a useful feature, you can request this feature at the bugzilla of Fedora Directory Server (bugzilla.redhat.com). I don't know whether this feature exists in OpenLDAP or Active Directory...

2008/5/11 <murthy at barc.gov.in>:
> Thank you very much for the URLs. This will help me to control users of
> which group can authenticate using ldap and go through proxy. I will
> follow this approach.
>
> > As far as I can see making a quick google search squid can do
> > authorisation using ldap fi
> Still there is the case where if the squid proxy server is administered
> by some other people, they can bypass this restriction as instead of
> defining filters for ldap operation, they can simply use BIND operation
> to get authenticated. This can never be controlled at the LDAP server
> level. For that matter this can be used by any application to bypass
> group level control.