Re: How to Restrict user authentication per application?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

We accomplish for some applications by assigning a different proxy to each and then control in LDAP who the proxy can see. This should work when you can't control the logic used by the application itself.

Deborah Crocker, PhD
Systems Engineer III 
Office of Information Technology 
The University of Alabama
Box 870346 
Tuscaloosa, AL 36587 
Office 205-348-3758 | Fax 205-348-9393 
deborah.crocker@xxxxxx

-----Original Message-----
From: msarmadi@xxxxxxxxxxxxxx [mailto:msarmadi@xxxxxxxxxxxxxx] 
Sent: Monday, November 21, 2016 4:20 AM
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [389-users] Re: How to Restrict user authentication per application?

Thank you, You are right about one problem. 

However, I believe what you are proposing is not a solution to the problem I'm talking about. Just because, in the problem I'm addressing, I can't and it is not possible to use your method. 

As I said, the applications we are using are not all of them supporting search or group check. So for those which does not support your method, I posted this problem. Your solution is not addressing this problem and is for the case which application supports those things. 

-
Additionally, to support my idea of ACI on Bind, I think having ACI on Bind operation just like others(read,write,...) has many advantages. I could talk about many things like improve security. For example think of an environment which you want to protect your directory from unwanted access, even "bind", based on a policy, time or ip for example.

Please mention that this mechanism is available in some other products, and also some vendors have developed policy aware directory or a proxy which adds those to the simple directory. (e.g. netiq edirectory or ldap proxy) I mean this need / requirement is actual and natural.

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux