On Wed, Feb 09, 2011 at 01:20:22AM -0800, Howard Chu wrote:
Buchan Milne wrote:
On Wednesday, 9 February 2011 01:13:38 masarati@aero.polimi.it wrote:
Please note that you're asking OpenLDAP's slapd to bridge the gap between two broken pieces of code
Very likely, and we are fortunate to have a tool that will fill such gaps as they occur with depressing regularity in large organisations.
Sorry but that just doesn't compute. If you have organizational security standards that are being audited and they forbid anonymous access, then allowing anonymous access to an OpenLDAP proxy that connects to AD is going to be equally forbidden.
In some environments the IP address of the client system is considered to be sufficient authentication. OpenLDAP ACLs can cope with that. AD ACLs are much less flexible.
Andrew