1 |
В Птн, 11/06/2010 в 09:48 +0200, Maciej Mrozowski пишет: |
2 |
> On Friday 11 of June 2010 09:24:45 Peter Volkov wrote: |
3 |
> > В Чтв, 10/06/2010 в 23:42 -0700, Alec Warner пишет: |
4 |
> > > > I don't agree with that, but just out of curiosity, is it possible to |
5 |
> > > > use a web interface? phpldapadmin or something |
6 |
> > > |
7 |
> > > The problem with phpldapadmin is that it potentially opens up LDAP to |
8 |
> > > the world. |
9 |
> > |
10 |
> > Require everybody to forward connection through ssh to get ldap web |
11 |
> > interface? It's not hard to setup such tunnel manually or e.g. use |
12 |
> > xinetd for automatic tunnel creation on request... Another option is to |
13 |
> > use https with ssl client side certificates). I think it's not hard for |
14 |
> > developers to generate certificates on dev.gentoo.org and import them |
15 |
> > into browsers. |
16 |
> |
17 |
> I suppose simply making LDAP globally available (SSL only) is asking for |
18 |
> trouble. In such case anyway one could choose his/her favourite LDAP client. |
19 |
|
20 |
I'm talking about _web_ interface with required _ssl client |
21 |
authentification_. I guess it is as secure as ssh. |
22 |
|
23 |
-- |
24 |
Peter. |