ldap proxy user bind
michael at stroeder.com
Sun Feb 12 07:57:51 EST 2012
> Yea i am not totally clear about that
> Client's Requirement is
> option to have a ldap proxy user bind to the ldap server if it needs
> more directory rights than an anonymous bind.
> option to use a ldap proxy user when searching.
As said: there's the proxy authorization control (see RFC 4370) for which a
Python class exists in python-ldap. This is used e.g. in web applications if
the user has successfully authenticated to the application and his identity
should be used when processing ACLs in the LDAP server. In this case the
"proxy user" is a trusted entity to have done authentication right. The proxy
authz control is sent by the application with each LDAP request. The server
has to be correctly configured to accept that.
Another option is an LDAP proxy server which accepts anon requests and binds as
a certain user. You could use OpenLDAP with back-ldap or back-meta for that.
So you should ask your customer what's really needed.
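
The first option above, sketched with python-ldap's ProxyAuthzControl (an added example, not part of the original post). The directory layout, the function names and the `conn` object (an LDAPObject already bound as the proxy service account) are assumptions; the authenticated user name is escaped before it goes into the authzId so it cannot change which DN the server authorizes as.

```python
# Added example: application-side use of the RFC 4370 proxied authorization
# control. Directory layout and function names are assumptions.

DN_SPECIALS = '\\,+"<>;='  # characters escaped inside a DN value (RFC 4514)


def escape_rdn_value(value):
    """Escape an attribute value so it can be embedded safely in a DN."""
    if not value:
        raise ValueError("empty user id")
    out = []
    for ch in value:
        if ch in DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    escaped = "".join(out)
    if value.endswith(" ") and len(value) > 1:
        escaped = escaped[:-1] + "\\ "   # trailing space must be escaped
    if value[0] in (" ", "#"):
        escaped = "\\" + escaped         # so must a leading space or '#'
    return escaped


def build_authz_id(uid, people_base):
    """Return the 'dn:' form of the authzId for an authenticated user."""
    return "dn:uid=%s,%s" % (escape_rdn_value(uid), people_base)


def search_as_user(conn, uid, people_base, search_base, filterstr):
    """Search with the ACLs of `uid`, over a connection bound as the proxy user.

    The control has to accompany every request, and the server must be
    configured to let the proxy user assume this identity.
    """
    import ldap  # imported here so the helpers above work without python-ldap
    from ldap.controls.simple import ProxyAuthzControl

    authz_id = build_authz_id(uid, people_base)
    # RFC 4370 requires the control to be marked critical.
    ctrl = ProxyAuthzControl(True, authz_id.encode("utf-8"))
    return conn.search_ext_s(search_base, ldap.SCOPE_SUBTREE, filterstr,
                             serverctrls=[ctrl])
```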