3 Replies Latest reply on Aug 21, 2007 8:29 AM by Kevin Williams

    LDAP integration & why using Admin is a bad idea.

       

      Clearspace has, like many applications, the ability to authenticate a user via LDAP. This is a wonderful feature. However, most applications do not require r/w admin-level access to the LDAP server. You store my admin password in a web application. A web application that is at least partially intended to be public-facing. This is an incredibly silly and horribly insecure setup.

       

       

      I might have a slight misunderstanding of what Clearspace does, but why exactly does it require r/w admin-level access again?

       

       

      (Correct me if I am wrong, but I asked the support person via the chat and she said read-only and/or no admin could not be done.)