> On Nov 17, 2017, at 12:34 AM, William Brown wrote:
>
> Whoa mate - I'm not here to claim that 389 is a better ldap server - we
> just do some different things. We acknowledge our limitations and are
> really working on them and paying down our tech debt. We want to remove
MJ J wrote:
> I know because I have built such a system (based on OpenLDAP) and
> deployed it internationally.
So what makes your system special, which goals does it reach and how?
Ciao, Michael.
On Fri, 2017-11-17 at 12:51 +1000, William Brown wrote:
> On Thu, 2017-11-16 at 11:26 -0500, John Lewis wrote:
> > I want to have one account for modifying both a LDAP directory and
> > a
> > Mediawiki. What tactic would you you use to do it?
>
> I'm not sure this is a tough issue: the access
William Brown wrote:
> Just want to point out there are some security risks with ssf settings.
> I have documented these here:
>
> https://fy.blackhats.net.au/blog/html/2016/11/23/the_minssf_trap.html
Nice writeup. I always considered SSF values to be naive and somewhat
overrated. People expect
MJ J wrote:
> You're right, except for the fact that deploying 2 lines of new code
> into production can still be a long process ;-) The phrase comes to
> mind: If it ain't broken, don't fix it.
You're free to decide to ignore good advice.
But you have to accept that someone might point out