[SAC] Anonymous and authenticated binding to the LDAP
Howard Butler
hobu at hobu.net
Sat Feb 10 14:48:23 EST 2007
Shawn,
After our firewall issues were fixed, I have been able to get our
LDAP setup to allow anonymous authentication so that we do not have
to have our cn=Manager binding throughout our setup.
I enabled these permissions on the LDAP:
access to attr=userPassword
    by self write
    by anonymous auth
    by users read
access to *
    by self write
    by users read
    by anonymous auth
This allows our authentication and HTTPAuth blocks to be as simple as
(this is GDAL's Trac on test.osgeo.org):
> <Location "/gdal/login">
>     AuthType Basic
>     AuthName "GDAL Trac"
>     AuthLDAPURL ldap://66.223.95.242:389/ou=people,dc=osgeo,dc=org?uid?sub?(objectClass=*)
>     require group cn=gdal,ou=svn,dc=osgeo,dc=org
> </Location>
Can you confirm that I didn't just open up our LDAP to read/write to
the entire world and that this looks ok?
Thanks
Howard
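
Added example (not part of the original message and not OpenLDAP code): a small Python model of slapd's ACL evaluation order, applied to the two access rules quoted above, to show which level each kind of client ends up with. The DNs uid=alice and uid=bob and the attribute "mail" are constructed for illustration, and the model assumes the rules are the only ones in effect.

```python
# Simplified model of how slapd picks an access level (added example).
# Covers only: "access to *" or an attribute list, and the who-clauses
# self / users / anonymous / *. No regex, dn scoping or "continue"/"break".
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The two rules from the message, in the order they were posted.
ACL = [
    (["userPassword"], [("self", "write"), ("anonymous", "auth"), ("users", "read")]),
    ("*", [("self", "write"), ("users", "read"), ("anonymous", "auth")]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    raise ValueError("who-clause not modelled: " + who)

def granted_level(acl, bind_dn, entry_dn, attr):
    """First matching 'access to' wins, then first matching 'by' wins."""
    for what, by_clauses in acl:
        if what != "*" and attr.lower() not in [a.lower() for a in what]:
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit trailing "access to * by * none"

def allows(acl, bind_dn, entry_dn, attr, wanted):
    """Each level includes the ones below it."""
    return LEVELS.index(granted_level(acl, bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)

# Constructed sample DNs under the base DN shown in the message.
ALICE = "uid=alice,ou=people,dc=osgeo,dc=org"
BOB = "uid=bob,ou=people,dc=osgeo,dc=org"

if __name__ == "__main__":
    for label, bind in (("anonymous", None), ("alice (self)", ALICE), ("bob (other user)", BOB)):
        for attr in ("userPassword", "mail"):
            print("%-17s %-13s %s" % (label, attr, granted_level(ACL, bind, ALICE, attr)))
```

In this model an anonymous session is held to "auth" on every attribute, while a bind as any other user is granted "read" on userPassword, because "by users read" is the first clause in that rule that matches.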