[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Translucent Proxy to filter users



Le 30/07/2012 16:45, Aaron Richton a écrit :
On Fri, 27 Jul 2012, Joel Eidsath wrote:

Hello, I'm trying to use our corporate openldap server for
authentication to an application server (Github Enterprise) that does
not support any "memberof" filters for allowed users.

As a workaround, I am looking into a translucent proxy server that
would only return a subset of users. Github Enterprise would only
"see" a few hundred users instead of thousands. Is this doable? Is
there a better solution?
You may use ACLs, if you have a filtering critera. For instance, to exclude users without a telephone number attribute:

access to dn.children="ou=users,dc=domain,dc=com"
    filter=(!(telephoneNumber=*))
    by anonymous peername.ip=w.x.y.z none
    by dn.exact="cn=github,ou=roles,dc=domain,dc=com" none
    by * break

--
BOFH excuse #79:

Look, buddy:  Windows 3.1 IS A General Protection Fault.