Michael Ströder <michael(a)stroeder.com> wrote:
So why not point these ill-designed apps to a different DSA
by back-ldap with such an ACL?
Yes, that would work. It moves the setup to clients, with might be a bit
more complicated to handle than the server for system administrators:
there can be many clients, some of them you don't manage yourself.