Emmanuel Dreyfus wrote:
Michael Ströder <michael(a)stroeder.com> wrote:
> So why not point these ill-designed apps to a different DSA implemented
> by back-ldap with such an ACL?
Yes, that would work. It moves the setup to clients, with might be a bit
more complicated to handle than the server for system administrators:
there can be many clients, some of them you don't manage yourself.
=> Use back-ldap based setup for all anon access. Access to the real DSA
only to authenticated clients.