Le 30/07/2012 16:45, Aaron Richton a écrit :
On Fri, 27 Jul 2012, Joel Eidsath wrote:
Hello, I'm trying to use our corporate openldap server for authentication to an application server (Github Enterprise) that does not support any "memberof" filters for allowed users.
As a workaround, I am looking into a translucent proxy server that would only return a subset of users. Github Enterprise would only "see" a few hundred users instead of thousands. Is this doable? Is there a better solution?
You may use ACLs, if you have a filtering critera. For instance, to exclude users without a telephone number attribute:
access to dn.children="ou=users,dc=domain,dc=com" filter=(!(telephoneNumber=*)) by anonymous peername.ip=w.x.y.z none by dn.exact="cn=github,ou=roles,dc=domain,dc=com" none by * break