[Mageia-webteam] [Mageia-sysadm] New test tree in ldap

[Michael Scherer]

Le lundi 24 janvier 2011 à 11:20 +0000, Kosmas Chatzimichalis a écrit :
> On 24 January 2011 09:41, Maât <maat-ml at vilarem.net> wrote:
> 
> > Le 24/01/2011 10:18, Michael Scherer a écrit :
> > > Hi,
> > >
> > > As asked by forum team, I have created a ldap subtree for testing the
> > > phpbb ldap integration, since they want to test on a server that is not
> > > managed by us, and so this could cause security issues ie, if a remote
> > > server is compromised for various reasons ( like not being treated as
> > > production, which is a reasonable assumption for a test server ) and
> > > someone start to gather username, email, and so on.
> > great ! Thank you Misc :)
> >
> > > The tree is dc=test_ldap, there is just the top level entry and there is
> > > no acl. ( maybe I should have called it test_ldap_forum )
> > >
> >
> 
> Wouldn't a similar integration needed for the maintainer's db?

Yes.

> Would we need a different user name for the application, or we would have a
> group that exists there and has admin permissions in the app?

The login do not have write access to the ldap, it just here to connect
to ldap,do the login ( like misc ) to ldap login mapping ( like
uid=misc,ou=People,dc=mageia,dc=org ), and then test if the password is
correct by binding to ldap using ldap login and the password.

Now, if you need to store something to ldap, we can arrange something,
but that would requires to change ACLs ( and I think that it is better
to not use ldap to store this, for various reason like "ldap is more
complex to manage than sql" )
 
> I was going to ask about the integration options and how we are actually
> need to get the data, so that was good timing :-)
> 
> Should I be using the details mentioned in previous emails, for connecting
> to the server and testing?

I will mail you a account/password once I have created it on the ldap.

-- 
Michael Scherer