
SASL support in back-ldap & back-meta (ITS#3022)



Full_Name: Quanah Gibson-Mount
Version: 2.2.6
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.19.82)


I think it would be very useful to have SASL support in the back-ldap &
back-meta backends.  I have a few cases where I think this would be useful:


1) Have an application on a VLAN that cannot see the directory service.  As a
workaround, set up a back-ldap server on the bridge between VLAN & normal
internet, that can see both systems.  The application does a bind to the
back-ldap server, which either (a) forwards the credentials of the application
via the back-ldap server to the directory service, or (b) does a bind to the
back-ldap server, which then does its own bind (GSSAPI) to the directory
service.  The directory service in this case has ACLs for the back-ldap server,
and returns attributes accordingly.

2) Replication to AD via back-ldap & back-meta and GSSAPI.  AD supports GSSAPI
binds, and could be replicated to via GSSAPI.  Unfortunately, AD has its own
custom schema.  So what I would like to be able to do is set up a backend
server that would replicate to AD via schema mappings in back-meta and/or
back-ldap.  Something I'm not quite sure on there are little schema bits like SN
being singular instead of multiple in AD, but I suppose that is a separate
issue.

--Quanah