On 03/22/2013 09:12 AM, Jan-Frode Myklebust wrote:
> This works:
>       Require ldap-attribute memberof="cn=cactiaccess,cn=groups,cn=accounts,dc=example,dc=net"
> but only if I also provide a username/password for apache
> to bind as. Doesn't work with unauthenticated binds.
>   -jf
Because anonymous binds are rightly turned off by default. You can turn
them on on the server, but this is a security risk, as is storing
passwords in the file. You need to assess which is the lesser of two evils
for your environment.
The best would have been for Apache to support GSSAPI for that matter,
but based on the link you sent this is not the case.
IMO you should file an RFE for them to support GSSAPI bind and not only
bind with the password.

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Freeipa-users mailing list
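
The password-bind setup discussed in this thread, as an added example that is not from either poster: the `Require ldap-attribute` line from the original message, combined with a dedicated bind account whose credentials sit in a separate root-only file instead of the main configuration. The host name, URL path, realm name, bind DN and file paths are constructed placeholders.

```apache
# Added example; host, location, realm, bind DN and file paths are
# constructed placeholders, not values from the thread.

# Validate the LDAP server certificate (server-level mod_ldap directive).
LDAPTrustedGlobalCert CA_BASE64 /etc/ipa/ca.crt

<Location "/cacti">
    AuthType Basic
    AuthName "Cacti"
    AuthBasicProvider ldap

    # Look up the user entry by uid over TLS.
    AuthLDAPURL "ldaps://ipa.example.net/cn=users,cn=accounts,dc=example,dc=net?uid?sub"

    # The bind identity and password live in a separate file so the main
    # configuration does not carry the secret. Assumed contents of that file:
    #   AuthLDAPBindDN "uid=apache-bind,cn=sysaccounts,cn=etc,dc=example,dc=net"
    #   AuthLDAPBindPassword "<placeholder>"
    # Keep it owned by root with mode 0600; httpd parses its configuration
    # as root before dropping privileges. Give the bind account read access
    # to memberof and nothing more.
    Include /etc/httpd/ldap-bind.inc

    # Authorization line from the original message.
    Require ldap-attribute memberof="cn=cactiaccess,cn=groups,cn=accounts,dc=example,dc=net"
</Location>
```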
