On 04/29/2010 10:59 AM, Javier Palacios wrote:
> Yes, the ACLs, because I'm not thinking of a single user with full
> privileges and many users without any privileges.
>
> Let's say I would like the DNS admins to modify their entries, and the
> "user" administrator to create or modify user entries. That means
> giving any of them only partial privileges. If you use any kind of
> 'proxy' (as phpldapadmin) it must be aware of existing ACLs and the
> most sensible way to accomplish that is to let the ldap server evaluate
> them, using direct identification against the ldap server.
> The phpldapadmin I remember (it might have evolved) has a single user
> and wasn't capable of doing this.

True. So it's not that phpldapadmin "doesn't work" or "breaks" with these ACLs, it's just that it bypasses them entirely. So we can say it doesn't take advantage of them. It's a choice.

Maybe at some point it could work in such a way that it would use the user's credentials to access the directory instead of the rootdn or some other proxy user.

I wonder if SASL authorization could be more widely used and how it could help. It was meant to be used by such proxy agents, I believe.

--
Andreas Hasenack
[email protected]

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
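
The three access paths discussed in this thread (binding as the rootdn, binding directly as the user, and a proxy that authorizes as the user), shown as an added example that is not part of the original messages and is not OpenLDAP or phpldapadmin code. It is a simplified Python model; every DN, the ACL table and the authorization map are constructed assumptions.

```python
# Simplified model of LDAP write access control (constructed data, not OpenLDAP code).
ROOTDN = "cn=admin,dc=example,dc=com"
PROXY = "cn=webproxy,dc=example,dc=com"
DNSADMIN = "uid=dnsadmin,ou=people,dc=example,dc=com"
USERADMIN = "uid=useradmin,ou=people,dc=example,dc=com"

# First matching subtree wins: (subtree suffix, DNs allowed to write there).
ACLS = [
    ("ou=dns,dc=example,dc=com", {DNSADMIN}),
    ("ou=people,dc=example,dc=com", {USERADMIN}),
]

# Proxy authorization policy: identities a bound DN may assume
# (the role the authzTo attribute plays in OpenLDAP).
AUTHZ_TO = {PROXY: {DNSADMIN, USERADMIN}}


def effective_identity(bind_dn, authz_dn=None):
    """Return the DN that ACLs are evaluated against."""
    if authz_dn is None or authz_dn == bind_dn:
        return bind_dn
    if authz_dn not in AUTHZ_TO.get(bind_dn, set()):
        raise PermissionError(f"{bind_dn} may not act as {authz_dn}")
    return authz_dn


def can_write(entry_dn, bind_dn, authz_dn=None):
    """Decide a write request in this model."""
    who = effective_identity(bind_dn, authz_dn)
    if who == ROOTDN:
        return True  # the rootdn is not subject to ACLs: every rule is bypassed
    for suffix, writers in ACLS:
        if entry_dn == suffix or entry_dn.endswith("," + suffix):
            return who in writers
    return False  # no rule matched: deny


if __name__ == "__main__":
    host = "dc=www,ou=dns,dc=example,dc=com"      # constructed DNS entry
    user = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed user entry
    print("tool bound as rootdn -> user entry:", can_write(user, ROOTDN))
    print("dnsadmin direct bind -> user entry:", can_write(user, DNSADMIN))
    print("proxy acting as dnsadmin -> DNS entry:", can_write(host, PROXY, DNSADMIN))
    print("proxy acting as dnsadmin -> user entry:", can_write(user, PROXY, DNSADMIN))
```
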
