[sork] Head version of passwd w/ldap

Eric Rostetter eric.rostetter@physics.utexas.edu
Thu, 18 Jul 2002 10:05:59 -0500


Quoting Edwin Culp <eculp@encontacto.net>:

> My problem here is that my directory can not be read by anonymous.  I'm 

I understand that. 

> not sure what others are doing and would like to know if that is an overly
> paranoid approach. 

People seem to be doing both, although those with anonymous access seem to
be in the majority.

> That doesn't allow me to do the anonymous bind to 
> find the user DN.

Exactly.  The original ldap didn't do anonymous bind.  4 people asked for
it, only one spoke against it, so I changed it to anonymous.  Now I'm at
4 people for anonymous, 2 against.  So my plan is to make it work either
way...

> That is why I added the additional fields but I'm sure 

Yes.  Some people don't like putting the "root" ldap password in plain
text in a file in their web server document area.  I can see the concern
here.  Others don't want anonymous bind as anyone can then read their
ldap server and collect data.  I understand that also.  So far those
were the only two choices I had.  You've now proposed a third (bind with
the user's username/password).

> that it can be implemented by using the form data and the oldpassword and 
> be more clear.

Interesting 3rd option...

> AFAIK, there isn't a standard LDAP handling in Horde apps, but they will
> work alike with slightly different approaches in their configurations. 

Uhm, not totally sure, but there is a reasonable handling in Horde which 
I think I want to emulate here...

>  |  
>  | Thanks for finding the bugs!
> 
> You deserve the thanks for writing the program and maintaining it.

Well, I didn't actually write it.  I just rewrote it and maintain it.
(and branched the forwards/vacations/accounts modules off it)

And I'm really dependent on others.  I only run one authentication method
here.  So for any others (smb, ldap, mdeamon, etc) I'm dependent on the
kindness of others...

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.
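
The three bind options weighed in this message (anonymous bind, a privileged account stored in the configuration, or binding as the user with the old password from the form), sketched as an added example that is not part of the original message or of the Horde passwd module. The mode names, configuration keys, DN template and sample values are assumptions made for illustration.

```python
# Added example: pick the credentials for the initial LDAP bind of a
# password-change request. Mode names, config keys and sample values are
# hypothetical; no LDAP library is used, so this runs offline.

# Constructed sample configuration.
CFG = {
    "admin_dn": "cn=Manager,dc=example,dc=com",
    "admin_password": "PLACEHOLDER-not-a-real-secret",
    "user_dn_template": "uid={uid},ou=People,dc=example,dc=com",
}


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_credentials(mode, username, old_password, cfg):
    """Return (bind_dn, bind_password, needs_search) for the first bind."""
    if mode == "anonymous":
        # Directory must allow anonymous reads; the user DN is found by search.
        return ("", "", True)
    if mode == "admin":
        # Privileged password lives in the config file; DN is found by search.
        return (cfg["admin_dn"], cfg["admin_password"], True)
    if mode == "user":
        # A simple bind with a DN and an empty password is an unauthenticated
        # bind (RFC 4513), which a server may accept, so refuse it here.
        if not username or not old_password:
            raise ValueError("username and old password are required")
        # No search is possible before binding, so the DN is built from the
        # form data and the username must be escaped before it is inserted.
        dn = cfg["user_dn_template"].format(uid=escape_dn_value(username))
        return (dn, old_password, False)
    raise ValueError("unknown bind mode: %r" % (mode,))
```

In "user" mode neither a stored privileged password nor anonymous read access is needed, at the cost of requiring that every user DN follows one fixed template.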