Re: Ldap Bind (w/ mod_auth_ldap)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 23, 2008 at 7:55 AM, Krist van Besien <krist.vanbesien@xxxxxxxxx> wrote:
On Tue, Apr 22, 2008 at 3:27 PM, Harry Holt <harryholt@xxxxxxxxx> wrote:

> Yes, it works.  Try adding
>
> AuthBasicProvider ldap

What works? Do you mean that under apache 2.2 is is finally possible
to do ldap authentication without putting a BindDN and Password in
your httpd.conf, and without allowing anonymous LDAP connections?

Krist

Well... that was my assumption.  But looking at the trace, it is in fact performing an anonymous search before attempting the bind.  Maybe it's possible to specify a fully qualified DN and avoid the search, I don't know.

Another option would be to create a user restricted to only be able to do a basic search of limited attributes, and provide the BindDN and Password for that restricted user for doing the search.  Exposure should be acceptable.

... HH




--
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
Harry Holt, PMP
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux