[SAC] LDAP in Drupal

Jason Birch Jason.Birch at nanaimo.ca
Wed Dec 19 16:43:59 EST 2007

Frank wrote:
I think this is great news (despite some early concern).

I have to say, I still have some concerns.  Is running the entire Drupal
auth under a manager role really worth allowing users to reset their own
passwords via Drupal (which is, as I understand it, the only additional
benefit?)  Regardless, I think that whatever role Drupal is running
under should have the least possible priveleges required to perform the
necessary functions.  Not being an LDAP guru, I don't know what that is,
but we should definitely avoid giving Drupal what amounts to Domain
Administrator role in AD.  That's just asking for trouble when/if a
Drupal exploit emerges.

Apart from this concern, I have ongoing lack-of-sleep about
allowing/defaulting-to standard http for authentication of both Drupal
and Trac instances.  If there are any mods available to ensure that
logins are only accessed under SSL, I would be feeling a little more


More information about the Sac mailing list