One possible solution is to have the main LDAP server addressable only via STARTTLS and a non-SSL, read-only slave on a different host that's visible only to your LAN.
Very interesting. It would also address some concerns I had with all these third-party LDAP plugins having (potential) write access to the repo.
Thanks a lot for the idea!
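The split suggested above (primary reachable only after StartTLS, read-only replica on a LAN-only host), as an added example that is not part of this thread: two OpenLDAP slapd.conf fragments. Hostnames, the LAN address, suffix, DNs, certificate paths and the replication password are placeholders, and the replica's "LAN only" property still needs the host to be firewalled or unrouted from outside.

```conf
# --- primary LDAP server (slapd.conf, OpenLDAP) ---
# Listener: slapd -h "ldap:///"  (plain port; TLS is enforced by `security` below)
TLSCACertificateFile    /etc/ldap/ca.crt               # placeholder paths
TLSCertificateFile      /etc/ldap/ldap-primary.crt
TLSCertificateKeyFile   /etc/ldap/ldap-primary.key

# Require a 128-bit security strength factor for every operation,
# so a client must complete StartTLS before it may bind, search or update.
security ssf=128 simple_bind=128 update_ssf=128
disallow bind_anon

database    mdb
suffix      "dc=example,dc=com"
rootdn      "cn=admin,dc=example,dc=com"
overlay     syncprov                     # replication provider
# Replica binds as cn=replicator and only ever needs read access.
access to *
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by self write
        by users read
        by * none

# --- read-only replica on the LAN-only host (slapd.conf) ---
# Listener: slapd -h "ldap://10.0.0.5/"  (bind only the LAN address; placeholder IP)
database    mdb
suffix      "dc=example,dc=com"
rootdn      "cn=admin,dc=example,dc=com"
readonly    on                           # clients get unwillingToPerform on writes
# Pull changes from the primary over StartTLS (certificate verified against the CA).
syncrepl rid=001
         provider=ldap://ldap-primary.example.com
         type=refreshAndPersist
         retry="60 +"
         searchbase="dc=example,dc=com"
         bindmethod=simple
         binddn="cn=replicator,dc=example,dc=com"
         credentials="REPLACE_ME"
         starttls=critical
         tls_cacert=/etc/ldap/ca.crt
         tls_reqcert=demand
# Any write that still reaches the replica is referred back to the primary.
updateref ldap://ldap-primary.example.com
access to * by users read by * none
```

With this layout the plugins that only need to look users up can be pointed at the replica, which cannot be written to at all, while the primary rejects every unencrypted bind.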