[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8267) contributing a new overlay unicodepw




Am 17.10.2015 um 20:58 schrieb Howard Chu:
> ingo.voss@gmail.com wrote:
>> Full_Name: Ingo Voss
>> Version:
>> OS:
>> URL: ftp://ftp.openldap.org/incoming/contrib-slapd-modules-unicodepw.tar
>> Submission from: (NULL) (78.53.86.212)
>>
>>
>> Hello,
>>
>> I wrote a small overlay, that restricts all LDAP modification 
>> requests, so that
>> only password changes for MS unicodePwd are possible.
>> All  other  LDAP requests will not be observed.
>> If someone needs a read-only proxy (in a e.g. dmz) for an MS Active 
>> Directory,
>> but password changes must be possible, then unicodepw is the right 
>> overlay.
>> For more informations, a manual page is included.
>
> If you want a read-only proxy, shouldn't this overlay also intercept 
> and deny all Add/Delete/ModDN requests?
>

Yes, you are right! But such overlay (denyop) exist already and it is 
working well.
The manual page for unicodepw refers to denyop and describes the 
complete configuration in detail.

Kindly regards
Ingo