[Kolab-devel] enlargement of kolab ldap schema for asp service

Alain Spineux aspineux at gmail.com
Mon Jul 30 14:18:46 CEST 2007


On 7/27/07, Bernhard Reiter <bernhard at intevation.de> wrote:
> On Friday 27 July 2007 01:59, Thomas Börnert wrote:
> > > What strikes me as important is that some of the measures should be
> > > controlled in the underlying software, not the web-frontend. In the
> > > current design it would be allowed for the customers to connect to the
> > > ldap server itself, give their credentail and just change the attribute
> > > they can.
> >
> > ok, right ..... in the first step i would not allow ldap access.
> > imho i think the customer need only access to the adressbook,
> > not to the domain manager object and not to the domain object, right ?
>
> It depends on what you would want to allow the customer to do.
> Currently it is quite easy to use the ldap protocol to have an address book
> of the organisation.
>
> For this to work in an ISP situation, I think that it would need to be
> an ldap subtree or use authentification and OpenLDAP access permissions.
>
> > > So how with your web-cyradm would you enforce the options?
> >
> > web-cyradm don't use ldap, it uses mysql.
>
> I think it will be best for you to try doing an experimental extension on your
> part, if you want to move quickly.
>
> I think that Kolab Server mainstream should stick to the philosophy to check
> everything on OpenLDAP level and deeper
> so that any LDAP tool could be used.

Some extension will want to use private objects (object that kolab
should not take care).
Then add attribute 'private' or use of an objectClass (or not use an
objectClass) to warn
kolab of using some 'private' object can be a good idea.

>
> Bernhard
>
>
> --
> Managing Director - Owner: www.intevation.net      (Free Software Company)
> Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
> Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel
>
>


-- 
--
Alain Spineux
aspineux gmail com
May the sources be with you




More information about the devel mailing list