Hi all,

Due to the lack of non-anonymous bind, I solved it by building a replicating ldap instance bound only to localhost on each proxmox node. This is a pain in the ass and very error prone - especially on schema changes, which have to be propagated to all nodes.

On Thu, Oct 8, 2015 at 11:57 AM, Dietmar Maurer <diet...@proxmox.com> wrote:
>
> IMHO this is a security risk (adding plain text passwords to www-data readable
> files)

I'd also like to get this feature into proxmox and I don't think that it's a security risk. Having anonymous bind is more insecure than non-anonymous binds iff (if-and-only-if) this non-anonymous bind is restricted on the ldap server side. I have a special query user for this which has only read permission on some attributes in a subtree.

There could be a problem binding to an SSL secured server with self-signed certificates. I don't think that there is (or should be) a GUI parameter to accept such a certificate. It has to be configured as always directly in /etc/ldap/ldap.conf, hasn't it?

Best,
Andreas
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel