sajuptpm wrote:
> Yea, I am not totally clear about that.
> Client's requirement is:
> option to have an LDAP proxy user bind to the LDAP server if it needs
> more directory rights than an anonymous bind.
> option to use an LDAP proxy user when searching.

As said: there's the proxy authorization control (see RFC 4370) for which a
Python class exists in python-ldap. This is used e.g. in web applications if
the user has successfully authenticated to the application and his identity
should be used when processing ACLs in the LDAP server. In this case the
"proxy user" is a trusted entity to have done authentication right. The proxy
authz control is sent by the application with each LDAP request. The server
has to be correctly configured to accept that.

Another option is an LDAP proxy server which accepts anon requests and binds as
a certain user. You could use OpenLDAP with back-ldap or back-meta for that.

So you should ask your customer what's really needed.

Ciao, Michael.
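
Added example, not part of the original message: sending the RFC 4370 proxy authorization control with python-ldap's `ProxyAuthzControl` on a connection bound as the proxy user. The server URI, DNs, password and the helper names `authz_id_for` and `search_as` are constructed for illustration.

```python
# Added example (not from the original post): RFC 4370 proxied authorization
# with python-ldap. URI, DNs and the password are constructed placeholders.


def authz_id_for(user_dn):
    """Return the RFC 4370 authzId ("dn:<DN>") for an authenticated user.

    user_dn must come from the application's own authenticated session, never
    from a request parameter: the directory trusts the proxy user's claim.
    """
    if not isinstance(user_dn, str) or not user_dn.strip():
        # An empty authzId means "anonymous" in RFC 4370; this example
        # refuses it so a missing session value cannot downgrade silently.
        raise ValueError("no authenticated DN to proxy for")
    if any(ch in user_dn for ch in "\x00\r\n"):
        raise ValueError("malformed DN")
    return "dn:" + user_dn


def search_as(conn, user_dn, base, filterstr, attrlist=None):
    """Search over the proxy user's connection with user_dn's access rights."""
    import ldap  # imported here so authz_id_for() works without python-ldap
    from ldap.controls.simple import ProxyAuthzControl

    # Criticality is True (RFC 4370 requires it): a server that does not
    # support the control has to fail the request rather than ignore the
    # control and answer with the proxy user's own rights.
    ctrl = ProxyAuthzControl(True, authz_id_for(user_dn).encode("utf-8"))
    return conn.search_ext_s(base, ldap.SCOPE_SUBTREE, filterstr, attrlist,
                             serverctrls=[ctrl])


if __name__ == "__main__":
    import ldap
    conn = ldap.initialize("ldaps://ldap.example.org")  # placeholder URI
    # Bind once as the proxy user; each search then names the end user.
    conn.simple_bind_s("cn=webapp,ou=services,dc=example,dc=org", "secret")
    for dn, entry in search_as(conn, "uid=alice,ou=people,dc=example,dc=org",
                               "dc=example,dc=org", "(objectClass=person)"):
        print(dn)
```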