On Mon, Oct 27, 2014 at 03:43:03PM -0300, Net Warrior wrote:
> Based on the ACLs I posted from my configuration, what else can you recommend to include, tweak or modify?
As both Michael and Dieter have said, this is very dependent on your site's requirements and policy. You need to work out what those are. If you can answer these questions, we might be able to help you some more:
1) Should an anonymous user be able to get any data at all? (Ignore the root entry: we are talking about the subtree under dc=domain,dc=com here)
2) What classes of user should have access to the data? Examples might be:
    LDAP administrator
    Web applications
    Desktop addressbook users
    Webmail users
    Directory synchronisation processes
3) For each of the above, what data (entries and attributes) do they need?
4) How will the users authenticate to the LDAP service? i.e. Will the user DNs and passwords be configured into the applications, or is the human user expected to supply a username and password each time?
Andrew