В Птн, 11/06/2010 в 09:48 +0200, Maciej Mrozowski пишет: > On Friday 11 of June 2010 09:24:45 Peter Volkov wrote: > > В Чтв, 10/06/2010 в 23:42 -0700, Alec Warner пишет: > > > > I don't agree with that, but just out of curiosity, is it possible to > > > > use a web interface? phpldapadmin or something > > > > > > The problem with phpldapadmin is that it potentially opens up LDAP to > > > the world. > > > > Require everybody to forward connection through ssh to get ldap web > > interface? It's not hard to setup such tunnel manually or e.g. use > > xinetd for automatic tunnel creation on request... Another option is to > > use https with ssl client side certificates). I think it's not hard for > > developers to generate certificates on dev.gentoo.org and import them > > into browsers. > > I suppose simply making LDAP globally available (SSL only) is asking for > trouble. In such case anyway one could choose his/her favourite LDAP client.
I'm talking about _web_ interface with required _ssl client authentification_. I guess it is as secure as ssh. -- Peter.
