hi, a few more ideas for you to think about:
- create a user specific to the package, and
1: use a setuid wrapper binary for doing all ldap communications
or
2: use some kind of user-restricted fastcgi type setup instead of standard
apache mod_php/python/whatever
or
3: run a seperate instance of $webserver listening on a different port
(localhost:8080 or similar), and running as the specific user. you can then
drop in a proxy config to make that available from the standard $webserver.
sean
signature.asc
Description: This is a digitally signed message part.
