I suppose it can be, but it is a question of where you implement your security. If mailman is to use SQL to store preferences then it is up to mm to deal with what records a user can update. If the mm interface to LDAP goes through one master LDAP account, then it is still mm's job... But if mm binds to LDAP as the mm user, then security is the responsibility of the LDAP server. With OpenLDAP, and NDS permissions can be extreemly fine grained, down to the attribute level. Ive not so much as seen ADS running anywhere, but I can only assume that it does too.
How secure an admin might want to make it is likely to be related to what else, if anything, their LDAP directory is being used for. A hypothetical site with 10,000 users in NDS, and 100,000 other things (printers, queues....), which they have been using for a decade, may be very restrictive. Another site installing MM+LDAP for fun as much as anything else, might just give the MM user unlimited rights.
Kinda like the Bugzilla install docs something to the effect of ".... MySQL's security is an evil beast, and some people actualy use it. If you do, just make sure that 'bugz' has the right rights...."
Quoting moron <moron@industrial.org>:
On January 31, 2004 11:10 am, Chuq Von Rospach wrote:
Mailman <-> LDAP as an interface means that anything that can generate an LDAP interface can talk to it. so perhaps the best thing to do is come up with an LDAP interface, define how the LDAP data should look, and then create a set of MySQL schemas that'll support that. I know barry's wanted to avoid requiring too many "things" to be installed to use Mailman, but when someone chooses to move to MySQL, I don't think it's unfair to assume they have or can install LDAP also.
Isn't LDAP a bit of a security hassle? I would think it is pretty common to have Mailman running on a machine along side MySQL, Apache and and MTA of some sort but wouldn't throwing in LDAP be more like requiring people install a CVS daemon to use Mailman? I'm no LDAP guru but from what I have looked at previously it certainly seemed that way.