[Fedora-directory-devel] BIND control using ACI feature request
C.S.R.C.Murthy
murthy at barc.gov.in
Mon May 12 05:11:09 UTC 2008
Dear sir,
The ACI in fedora directory server can be used to control only
search/read/write operations but not BIND operation. This limitation
leads to certain deficiencies as below,
Suppose for an application that is using ldap for authentication
verification, we want to specify that uids belonging to certain group
can only authenticate but not the entire spectrum of uids, there is no
way to code it in ACI. This is because the application can simply do a
BIND operation with UID belonging to any group and corresponding
password and gets authenticated. So even though I make groups Iam unable
to enforce authentication control.
May I request you to provide BIND control using ACI in future directory
server release.
regards
murthy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: murthy.vcf
Type: text/x-vcard
Size: 137 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20080512/2d64c24d/attachment.vcf>
More information about the Fedora-directory-devel
mailing list