On Tue, May 2, 2017 at 10:31 AM, Ian Pilcher <arequipeno@xxxxxxxxx> wrote:
> I had to enable this option, because FreeIPA 4 doesn't make group
> membership visible to anonymous binds. The documentation for this
> option says:
>
>   This directive should only be used when your LDAP server doesn't
>   accept anonymous comparisons and you cannot use a dedicated
>   AuthLDAPBindDN.
>
> I've been trying to think of a way in which creating an additional LDAP
> user, just for this purpose, and storing its password in cleartext in a
> configuration file is a better option. I can't come up with anything.
>
> Does anyone know why this option is discouraged?

It's probably over-stated. It should say that it's the reason this
relatively late in the life of mod_ldap/mod_authnz_ldap this directive
was added.