We accomplish for some applications by assigning a different proxy to each and then control in LDAP who the proxy can see. This should work when you can't control the logic used by the application itself.
Deborah Crocker, PhD Systems Engineer III Office of Information Technology The University of Alabama Box 870346 Tuscaloosa, AL 36587 Office 205-348-3758 | Fax 205-348-9393 [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Monday, November 21, 2016 4:20 AM To: [email protected] Subject: [389-users] Re: How to Restrict user authentication per application? Thank you, You are right about one problem. However, I believe what you are proposing is not a solution to the problem I'm talking about. Just because, in the problem I'm addressing, I can't and it is not possible to use your method. As I said, the applications we are using are not all of them supporting search or group check. So for those which does not support your method, I posted this problem. Your solution is not addressing this problem and is for the case which application supports those things. - Additionally, to support my idea of ACI on Bind, I think having ACI on Bind operation just like others(read,write,...) has many advantages. I could talk about many things like improve security. For example think of an environment which you want to protect your directory from unwanted access, even "bind", based on a policy, time or ip for example. Please mention that this mechanism is available in some other products, and also some vendors have developed policy aware directory or a proxy which adds those to the simple directory. (e.g. netiq edirectory or ldap proxy) I mean this need / requirement is actual and natural. _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
