On Tue, May 2, 2017 at 10:31 AM, Ian Pilcher <arequip...@gmail.com> wrote: > I had to enable this option, because FreeIPA 4 doesn't make group > membership visible to anonymous binds. The documentation for this > option says: > > This directive should only be used when your LDAP server doesn't > accept anonymous comparisons and you cannot use a dedicated > AuthLDAPBindDN. > > I've been trying to think of a way in which creating an additional LDAP > user, just for this purpose, and storing its password in cleartext in a > configuration file is a better option. I can't come up with anything. > > Does anyone know why this option is discouraged?
It's probably over-stated. It should say that it's the reason this relatively late in the life of mod_ldap/mod_authnz_ldap this directive was added. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
