httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Why is AuthLDAPCompareAsUser discouraged?
Date Tue, 02 May 2017 14:34:20 GMT
On Tue, May 2, 2017 at 10:31 AM, Ian Pilcher <arequipeno@gmail.com> wrote:
> I had to enable this option, because FreeIPA 4 doesn't make group
> membership visible to anonymous binds.  The documentation for this
> option says:
>
>   This directive should only be used when your LDAP server doesn't
>   accept anonymous comparisons and you cannot use a dedicated
>   AuthLDAPBindDN.
>
> I've been trying to think of a way in which creating an additional LDAP
> user, just for this purpose, and storing its password in cleartext in a
> configuration file is a better option.  I can't come up with anything.
>
> Does anyone know why this option is discouraged?

It's probably over-stated. It should say that it's the reason this
relatively late in the life of mod_ldap/mod_authnz_ldap this directive
was added.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message