Sync with gnome releases

Linas Vepstas linas@linas.org
Thu, 19 Jul 2001 11:15:33 -0500 

On Thu, Jul 19, 2001 at 10:54:46AM +0100, Paul Campbell was heard to remark:
> On 2001.07.19 02:36:46 +0100 Linas Vepstas wrote:
> > On Wed, Jul 18, 2001 at 06:14:17PM -0700, Dave Peticolas was heard to
> > remark:
> > > > 
> > > > -- I want to associate specific address info with specific accounts.
> > > >    So I need to store at least one or more "cn=" with gnucash data.
> > > 
> > > It seems that ldap entries have uids -- why not associate in the
> > > other direction? 
> > 
> > 1) Because I don't think you can trust LDAP servers, whether public,
> >    or privately administered.  Once you've set up gnucash account info,
> >    you don't want someone getting into your data and changing addresses
> >    on you.
> 
> Wouldn't that be where LDAP authentication comes in? I'm developing an MIS
> website at work, and I use our LDAP server for authentication to access the
> site. The web server (apache) has to authenticate to the LDAP server before
> it can auth. any users to the site. Even then I can't update any of the
> data in the LDAP repository, it's a read-only account.

The situation I'm trying to avoid is one where the gnucash user has set the
contact address to e.g.

MyISP Inc.
MailStop 1234
111 Main St.
Anytown USA

and the LDAP sysadmin (who has write priveleges0 looks at this and says,
'oh gee, my technical contact is not at M/S 1234, he's at 1235' and changes
the entries.  Suddenly, payments are not going the the billing dept. but
to the technical contact!

The point being that the gnucash user should have absolute control over
thier data, and should not allow other non-gnucash users to modify it.
 
> I haven't looked into this, but couldn't you extended the schema for the
> LDAP repository and protect those fields from being accessed (read-only or
> otherwise) by users without the appropriate clearance?

I suppose ... one could make a schema with gnucash-private fields in them,
but that begs the question.

--linas

-- 
I'm very PUBLIC-MINDED, I'm helping a NIGERIAN get his $25,000,000 back!