List: openldap-bugs
Subject: RE: SASL support in back-ldap & back-meta (ITS#3022)
From: hyc () highlandsun ! com
Date: 2004-03-17 22:18:28
Message-ID: 200403172218.i2HMISH4036073 () boole ! openldap ! org
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ando@sys-net.it
> Actually, I'm not sure this can be done; on the other hand, back-ldap
> already supports the proxyAuthz control, which is purposely intended to
> allow auth propagation between DSAs. Could this be of use? To exploit
> it, the remote server must support the control as well, and back-ldap
> needs to be compiled with the LDAP_BACK_PROXY_AUTHZ macro defined. Don't
> know anything about AD support for this control, though.
Right, the strong authentication mechanisms cannot be transparently
propagated. However, for the SASL mechs that use in-directory passwords,
back-ldap can supply them as well as any other backend.
> Of course, for your purpose, back-ldap should allow SASL bind for the
> rootdn, or other administrative users, while now only simple bind can be
> used. I have no idea how practical this would be.
I think the only thing we could add here is SASL Binds for the
rootdn/administrative user.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support