On 19/04/2013 17:20, Howard Chu wrote:
Better to do this in a slapd ACL and enforce from the server side, than to rely on correctness of multiple clients.access to attrs=userpassword filter=(globalLock=off) by anonymous auth
We don't use LDAP for passwords, and that wouldn't prevent SSH key logins either.
Also we trust our client config just as much as our LDAP config. -- Liam Gretton [email protected] HPC Architect http://www.le.ac.uk/its/ IT Services Tel: +44 (0)116 2522254 University Of Leicester, University Road Leicestershire LE1 7RH, United Kingdom
