| 1 |
В Птн, 11/06/2010 в 09:48 +0200, Maciej Mrozowski пишет: |
| 2 |
> On Friday 11 of June 2010 09:24:45 Peter Volkov wrote: |
| 3 |
> > В Чтв, 10/06/2010 в 23:42 -0700, Alec Warner пишет: |
| 4 |
> > > > I don't agree with that, but just out of curiosity, is it possible to |
| 5 |
> > > > use a web interface? phpldapadmin or something |
| 6 |
> > > |
| 7 |
> > > The problem with phpldapadmin is that it potentially opens up LDAP to |
| 8 |
> > > the world. |
| 9 |
> > |
| 10 |
> > Require everybody to forward connection through ssh to get ldap web |
| 11 |
> > interface? It's not hard to setup such tunnel manually or e.g. use |
| 12 |
> > xinetd for automatic tunnel creation on request... Another option is to |
| 13 |
> > use https with ssl client side certificates). I think it's not hard for |
| 14 |
> > developers to generate certificates on dev.gentoo.org and import them |
| 15 |
> > into browsers. |
| 16 |
> |
| 17 |
> I suppose simply making LDAP globally available (SSL only) is asking for |
| 18 |
> trouble. In such case anyway one could choose his/her favourite LDAP client. |
| 19 |
|
| 20 |
I'm talking about _web_ interface with required _ssl client |
| 21 |
authentification_. I guess it is as secure as ssh. |
| 22 |
|
| 23 |
-- |
| 24 |
Peter. |
Archives