| Abstract |
LDAP directories offer a fine-grain authorization framework,
but these capabilities are often ignored by poorly
written applications which require accounts with very
high privileges to manage LDAP data.
Proxied Authorization is a LDAP security mechanism
which helps to develop less critical client applications.
Unfortunately, developers of client applications seem to
ignore this opportunity.
The article will discuss general aspects of LDAP Proxied
Authorization comparing available implementations, will
show, using a fictional scenario, how to use it with common
tools and how to write custom applications. Finally,
it will present benefits, some potential problems and possible
solutions. |
