[Kolab-devel] enlargement of kolab ldap schema for asp service

Bernhard Reiter bernhard at intevation.de
Fri Jul 27 17:23:05 CEST 2007


On Friday 27 July 2007 01:59, Thomas Börnert wrote:
> > What strikes me as important is that some of the measures should be
> > controlled in the underlying software, not the web-frontend. In the
> > current design it would be allowed for the customers to connect to the
> > ldap server itself, give their credentials and just change the attribute
> > they can.
>
> ok, right ..... in the first step I would not allow ldap access.
> imho I think the customer needs only access to the address book,
> not to the domain manager object and not to the domain object, right ?

It depends on what you would want to allow the customer to do.
Currently it is quite easy to use the ldap protocol to have an address book
of the organisation. 

For this to work in an ISP situation, I think that it would need to be
an ldap subtree or use authentication and OpenLDAP access permissions.

> > So how with your web-cyradm would you enforce the options?
>
> web-cyradm doesn't use ldap, it uses mysql.

I think it will be best for you to try doing an experimental extension on your 
part, if you want to move quickly. 

I think that Kolab Server mainstream should stick to the philosophy to check 
everything on OpenLDAP level and deeper
so that any LDAP tool could be used.

Bernhard


-- 
Managing Director - Owner: www.intevation.net      (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
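
The server-side enforcement discussed in this message (a per-customer subtree plus authentication and OpenLDAP access permissions) could look like the following slapd.conf fragment. This is an added example, not part of the original post and not Kolab's own configuration; the DNs, the ou=customers layout and the attribute list are assumptions.

```conf
# Constructed example: one hosted customer ("customer1") with its own subtree.
# All DNs are placeholders. slapd uses the first "access to" clause that
# matches the target, so the specific rules come before the catch-all.

# Passwords: the owner may change them, anonymous may only bind against
# them, nobody may read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Address-book attributes inside the customer's subtree: the customer's
# manager may modify them on existing entries, other authenticated users
# of the same customer may only read them.
access to dn.subtree="ou=customer1,ou=customers,dc=example,dc=com"
       attrs=cn,sn,mail,telephoneNumber
    by dn.exact="cn=manager,ou=customer1,ou=customers,dc=example,dc=com" write
    by dn.subtree="ou=customer1,ou=customers,dc=example,dc=com" read
    by * none

# Everything else in the subtree (including the entry pseudo-attribute):
# read-only for the customer's own users, so no client can change other
# attributes, whichever LDAP tool it connects with. Anonymous gets auth
# access only, which is what a simple bind needs.
access to dn.subtree="ou=customer1,ou=customers,dc=example,dc=com"
    by dn.subtree="ou=customer1,ou=customers,dc=example,dc=com" read
    by anonymous auth
    by * none

# Default deny: other customers' subtrees and the rest of the tree are
# invisible to this customer's users.
access to *
    by * none
```

The rootdn bypasses these rules, so it should not be handed to a web frontend or to a customer.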