[Twisted-Python] ldaptor and bind

Tommi Virtanen tv at eagain.net
Mon Jan 7 18:54:48 EST 2008


On Tue, Jan 08, 2008 at 12:34:29AM +0100, Ottavio Campana wrote:
>> Umm, if you didn't even realize you need to protect against
>> modification, do you really think you can manage to implement
>> it securely?
> well, considering that data provided through ldap is for readonly use, that 
> ldap exports information saved in a database which is protected, that 
> clients access the ldap server only read only and the network is not 
> hostile, I think it could be acceptable.

Yes, but unless you do something to prevent writes, anonymous can
overwrite anyone's password. That sort of makes any read restrictions
pointless, doesn't it?

> PS: going on with my idea, I could overwrite handle_LDAPModifyDNRequest by
> always raising ldaperrors.LDAPUnwillingToPerform. The same for all other
> add/delete/modify request...

Ah, good. You realize they are there ;) That was my point, earlier you
spoke only of filtering search requests. To implement ACLs, you need
way more than that.

-- 
:(){ :|:&};:
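
One way to write the deny-all-writes subclass discussed in this thread, as an added example that is not code from either poster or from ldaptor. ReadOnlyLDAPServer, WRITE_HANDLERS, unguarded_write_handlers and is_refused are hypothetical names, and the handler signature (request, controls, reply) is assumed to match ldaptor's LDAPServer.

```python
# Added example: refuse every write-type LDAP operation in an ldaptor server.
WRITE_HANDLERS = (
    "handle_LDAPAddRequest",
    "handle_LDAPDelRequest",
    "handle_LDAPModifyRequest",
    "handle_LDAPModifyDNRequest",
    # Password changes can arrive as an extended operation, so refuse these
    # too. Trade-off: every other extended operation is refused as well.
    "handle_LDAPExtendedRequest",
)

try:
    from ldaptor.protocols.ldap import ldaperrors
    from ldaptor.protocols.ldap.ldapserver import LDAPServer
except ImportError:
    # Constructed stand-ins (NOT ldaptor code) so the logic runs without ldaptor.
    class ldaperrors:
        class LDAPUnwillingToPerform(Exception):
            pass
    class LDAPServer:
        pass
    for _name in WRITE_HANDLERS:
        setattr(LDAPServer, _name, lambda self, request, controls, reply: None)

def _refuse(self, request, controls, reply):
    # Assumed handler signature: (request, controls, reply).
    raise ldaperrors.LDAPUnwillingToPerform()

class ReadOnlyLDAPServer(LDAPServer):
    """Hypothetical subclass: searches work as in the base class, writes fail."""

for _name in WRITE_HANDLERS:
    setattr(ReadOnlyLDAPServer, _name, _refuse)

def unguarded_write_handlers(server_cls):
    """List write handlers that server_cls still inherits unchanged."""
    return [n for n in WRITE_HANDLERS
            if getattr(server_cls, n, None) is getattr(LDAPServer, n, None)]

def is_refused(server_cls, handler_name):
    """True if the handler of a deny-all class raises LDAPUnwillingToPerform."""
    try:
        getattr(server_cls, handler_name)(None, None, None, None)
    except ldaperrors.LDAPUnwillingToPerform:
        return True
    return False
```

Calling unguarded_write_handlers on the server class from a unit test flags any write handler that was left at the base-class default.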



