On Wed, Feb 09, 2011 at 01:20:22AM -0800, Howard Chu wrote:
> Buchan Milne wrote:
> >On Wednesday, 9 February 2011 01:13:38 [email protected] wrote:
> >>Please note that you're asking OpenLDAP's slapd to bridge
> >>the gap between two broken pieces of code

Very likely, and we are fortunate to have a tool that will fill
such gaps as they occur with depressing regularity in large
organisations.

> Sorry but that just doesn't compute. If you have organizational
> security standards that are being audited and they forbid anonymous
> access, then allowing anonymous access to an OpenLDAP proxy that
> connects to AD is going to be equally forbidden.

In some environments the IP address of the client system is
considered to be sufficient authentication. OpenLDAP ACLs can
cope with that. AD ACLs are much less flexible.

Andrew
-- 
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd                                 |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/                        +44 1628 782565 |
-----------------------------------------------------------------------
