On Mon, 2017-11-20 at 12:28 +0100, William Brown wrote:
> What do you mean by this? As in "make it so anyone can login to the
> wiki"? Just don't add access controls IE group membership or filter
> tests in the media wiki ldap config. Then "anyone with a valid ldap
> account" can login, with NO
On Mon, 2017-11-20 at 11:22 +, Howard Chu wrote:
> William Brown wrote:
> > On Fri, 2017-11-17 at 08:34 +0100, Michael Ströder wrote:
> > > William Brown wrote:
> > > > Just want to point out there are some security risks with ssf
> > > > settings.
> > > > I have documented these here:
> > > >
On Fri, 2017-11-17 at 07:46 -0500, John Lewis wrote:
> On Fri, 2017-11-17 at 12:51 +1000, William Brown wrote:
> > On Thu, 2017-11-16 at 11:26 -0500, John Lewis wrote:
> > > I want to have one account for modifying both a LDAP directory
> > > and
> > > a
> > > Mediawiki. What tactic would you you
On 20 Nov 2017, at 11:06, Clément OUDOT wrote:
> 2017-11-20 11:59 GMT+01:00 Turbo Fredriksson :
>> You’ve never had the issue I’m having? Or heard about it?
>
> No but I don't use Kerberos authentication.
Ok, thanx for the info!!
signature.asc
William Brown wrote:
On Fri, 2017-11-17 at 08:34 +0100, Michael Ströder wrote:
William Brown wrote:
Just want to point out there are some security risks with ssf
settings.
I have documented these here:
https://fy.blackhats.net.au/blog/html/2016/11/23/the_minssf_trap.ht
ml
Nice writeup. I
2017-11-20 11:59 GMT+01:00 Turbo Fredriksson :
> You’ve never had the issue I’m having? Or heard about it?
No but I don't use Kerberos authentication.
On 20 Nov 2017, at 08:07, Clément OUDOT wrote:
> 2017-11-19 18:09 GMT+01:00 Turbo Fredriksson :
>
>> Have anyone tried running OpenLDAP behind HAProxy?
>
> I do this often, without any particular issue.
Ok, thanx. I thought so :(. I might be running an
2017-11-19 18:09 GMT+01:00 Turbo Fredriksson :
> Have anyone tried running OpenLDAP behind HAProxy? Anything special
> one needs to do?
I do this often, without any particular issue. If you use LDAPS, you
can add option ssl-hello-chk.
Here is a sample configuration file: