Emmanuel Dreyfus wrote: > Michael Ströder <[email protected]> wrote: > >> So why not point these ill-designed apps to a different DSA implemented >> by back-ldap with such an ACL? > > Yes, that would work. It moves the setup to clients, with might be a bit > more complicated to handle than the server for system administrators: > there can be many clients, some of them you don't manage yourself.
=> Use back-ldap based setup for all anon access. Access to the real DSA only to authenticated clients. Ciao, Michael.
