httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Pilcher <arequip...@gmail.com>
Subject [users@httpd] Why is AuthLDAPCompareAsUser discouraged?
Date Tue, 02 May 2017 14:31:02 GMT
I had to enable this option, because FreeIPA 4 doesn't make group
membership visible to anonymous binds.  The documentation for this
option says:

   This directive should only be used when your LDAP server doesn't
   accept anonymous comparisons and you cannot use a dedicated
   AuthLDAPBindDN.

I've been trying to think of a way in which creating an additional LDAP
user, just for this purpose, and storing its password in cleartext in a
configuration file is a better option.  I can't come up with anything.

Does anyone know why this option is discouraged?

-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message