On Mon, Sep 08, 2003 at 10:29:52PM +0200, Robert Kehl wrote:
> On Mon, 2003-09-08 at 20.13, Martin Edenhofer wrote:
> > > BTW: Authenticated Users do have self write-permission on their password
> > > field in LDAP
> > 
> > It's wanted. Because there should be no way (IMO) for other applications 
> > to write into your LDAP. It's critical, because some time you will get an
> > inconsistent directory if each application is writing into your directory.
> 
> Could you explain that a little bit more? In my eyes LDAP is fully
> multi-user capable, as it's widely used in Lunixish environments for
> user authentication. I personally use it for a PAM-based LDAP
> authentication and addressbook management, as well as for SMTP server  
> configuration. I am completely relying on LDAP. In other words,
> passwords are stored nowhere else and (nearly) parallel write should be
> allowed (addressbooks).

What I mean is, if you have 10 applications which are writing to your 
LDAP tree, then you will get an inconsistent LDAP tree (different objects,
different attributes, ...). So normally just one or two applications
should have write access to your LDAP tree (IMO).

> Robert Kehl

  Martin

--
Martin Edenhofer - <martin at edenhofer.de> - http://martin.edenhofer.de/
--
Perfection is our goal, excellence will be tolerated. -- J. Yahl

_______________________________________________
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
Support or consulting for your OTRS system?
=> http://www.otrs.de/
