I had to enable this option, because FreeIPA 4 doesn't make group membership visible to anonymous binds. The documentation for this option says:

    This directive should only be used when your LDAP server doesn't
    accept anonymous comparisons and you cannot use a dedicated
    AuthLDAPBindDN.

I've been trying to think of a way in which creating an additional LDAP user, just for this purpose, and storing its password in cleartext in a configuration file is a better option. I can't come up with anything.

Does anyone know why this option is discouraged?

--
Ian Pilcher arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------