Re: Translucent Proxy to filter users
On Fri, 27 Jul 2012, Joel Eidsath wrote:
> Hello, I'm trying to use our corporate openldap server for
> authentication to an application server (Github Enterprise) that does
> not support any "memberof" filters for allowed users.
> As a workaround, I am looking into a translucent proxy server that would
> only return a subset of users. Github Enterprise would only "see" a few
> hundred users instead of thousands. Is this doable? Is there a better
> solution?
You could certainly work on an appropriate back-{ldap,relay,etc}
configuration, but it's probably needless weight. Assuming the client
supports a bindDN, I'd consider creating an ACL that only allows access to
"a subset of users" that's desired and disallows !subset users.
Oversimplified:
access to * group.expand="cn=githubgroup" by "cn=githubbinddn" read
access to * by "cn=githubbinddn" none
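
The ACL approach suggested in the reply, written out in slapd.conf syntax as an added example that is not part of the original post. It assumes the memberof overlay is enabled so that user entries carry a memberOf attribute; every DN shown (ou=people, ou=groups, dc=example,dc=com) is a placeholder.

```conf
# slapd.conf ACL fragment (added example; every DN below is a placeholder).
# Assumes the memberof overlay is active so user entries carry memberOf.
# Place these rules ahead of broader "access to *" rules in the same database.

# 1. The GitHub bind DN may read user entries that belong to the group.
#    "by * break" lets every other identity fall through to later rules,
#    so existing access for normal users and for binds is unchanged.
access to dn.children="ou=people,dc=example,dc=com"
        filter=(memberOf=cn=githubgroup,ou=groups,dc=example,dc=com)
    by dn.exact="cn=githubbinddn,dc=example,dc=com" read
    by * break

# 2. The same bind DN gets no access to any other user entry.
#    dn.children leaves the ou=people entry itself to the later rules,
#    which must still allow the bind DN to use it as a search base.
access to dn.children="ou=people,dc=example,dc=com"
    by dn.exact="cn=githubbinddn,dc=example,dc=com" none
    by * break
```

Running `slapacl -D <bind DN> -b <user DN> "cn/read"` once for a group member and once for a non-member shows whether the two rules match as intended before the application is pointed at the server.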