Re: Translucent Proxy to filter users

[Guillaume Rousse <guillomovitch@gmail.com>]

Le 30/07/2012 16:45, Aaron Richton a écrit :
> On Fri, 27 Jul 2012, Joel Eidsath wrote:
>
> > Hello, I'm trying to use our corporate openldap server for
> > authentication to an application server (Github Enterprise) that does
> > not support any "memberof" filters for allowed users.
> >
> > As a workaround, I am looking into a translucent proxy server that
> > would only return a subset of users. Github Enterprise would only
> > "see" a few hundred users instead of thousands. Is this doable? Is
> > there a better solution?
You may use ACLs, if you have a filtering critera. For instance, to 
exclude users without a telephone number attribute:

access to dn.children="ou=users,dc=domain,dc=com"
    filter=(!(telephoneNumber=*))
    by anonymous peername.ip=w.x.y.z none
    by dn.exact="cn=github,ou=roles,dc=domain,dc=com" none
    by * break

--
BOFH excuse #79:

Look, buddy:  Windows 3.1 IS A General Protection Fault.