[Mageia-webteam] [Mageia-sysadm] New test tree in ldap

Mon Jan 24 18:14:14 CET 2011

Le lundi 24 janvier 2011 à 11:20 +0000, Kosmas Chatzimichalis a écrit :
+> On 24 January 2011 09:41, Maât <maat-ml at vilarem.net> wrote:
+> 
+> > Le 24/01/2011 10:18, Michael Scherer a écrit :
+> > > Hi,
+> > >
+> > > As asked by forum team, I have created a ldap subtree for testing the
+> > > phpbb ldap integration, since they want to test on a server that is not
+> > > managed by us, and so this could cause security issues ie, if a remote
+> > > server is compromised for various reasons ( like not being treated as
+> > > production, which is a reasonable assumption for a test server ) and
+> > > someone start to gather username, email, and so on.
+> > great ! Thank you Misc :)
+> >
+> > > The tree is dc=test_ldap, there is just the top level entry and there is
+> > > no acl. ( maybe I should have called it test_ldap_forum )
+> > >
+> >
+> 
+> Wouldn't a similar integration needed for the maintainer's db?
+
+Yes.
+
+> Would we need a different user name for the application, or we would have a
+> group that exists there and has admin permissions in the app?
+
+The login do not have write access to the ldap, it just here to connect
+to ldap,do the login ( like misc ) to ldap login mapping ( like
+uid=misc,ou=People,dc=mageia,dc=org ), and then test if the password is
+correct by binding to ldap using ldap login and the password.
+
+Now, if you need to store something to ldap, we can arrange something,
+but that would requires to change ACLs ( and I think that it is better
+to not use ldap to store this, for various reason like "ldap is more
+complex to manage than sql" )
+ 
+> I was going to ask about the integration options and how we are actually
+> need to get the data, so that was good timing :-)
+> 
+> Should I be using the details mentioned in previous emails, for connecting
+> to the server and testing?
+
+I will mail you a account/password once I have created it on the ldap.
+
+-- 
+Michael Scherer
+
+