RE: rewrite a login into a dn in simple bind
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Quanah Gibson-Mount

> Hm, to be more specific, I know you can replicate a subtree in 2.1... I'm
> thinking more, you can't limit to specific attributes in a subtree -- Like
> just uid, which is what he wants, out of an unknown number of attributes.
> Our account tree has many, including uid. So, with 2.2, it is possible to
> replicate just particular attributes of a given tree to a replica. :)

Are you forgetting the "attr" option in the 2.1 replica clause?
And to tie this back to the original question - you can certainly point your
clients at a back-ldap that has been configured with the info it needs to
bind to the real directory. Of course, if the back-ldap allows anonymous
clients to query it, this isn't any more secure than before. It's even worse,
actually, and your traffic is still in the clear instead of encrypted...
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support