If you have complete control over an application's configuration, you
can do anything you want anyway, even use the /etc/passwd file instead
of LDAP :)
If you consider, however, that a bind limitation based on the ACIs could
be a useful feature, you can request this feature at the bugzilla of
Fedora Directory Server (bugzilla.redhat.com). I don't know whether
this feature exists in OpenLDAP or Active Directory...

2008/5/11 <murthy(a)barc.gov.in>:
Thank you very much for the URLs. This will help me to control users of
which group can authenticate using ldap and go through proxy. I will
follow this approach.

> As far as I can see making a quick google search squid can do
> authorisation using ldap fi

Still there is the case where, if the squid proxy server is administered
by some other people, they can bypass this restriction, as instead of
defining filters for ldap operation, they can simply use BIND operation
to get authenticated. This can never be controlled at the LDAP server
level. For that matter this can be used by any application to bypass
group level control.