RE: SASL support in back-ldap & back-meta (ITS#3022)
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ando@sys-net.it
> Actually, I'm not sure this can be done; on the other hand, back-ldap
> already supports the proxyAuthz control, which is purposely intended to
> allow auth propagation between DSAs. Could this be of use? To exploit
> it, the remote server must support the control as well, and back-ldap
> needs to be compiled with the LDAP_BACK_PROXY_AUTHZ macro defined. Don't
> know anything about AD support for this control, though.
Right, the strong authentication mechanisms cannot be transparently
propagated. However, for the SASL mechs that use in-directory passwords,
back-ldap can supply them as well as any other backend.
> Of course, for your purpose, back-ldap should allow SASL bind for the
> rootdn, or other administrative users, while now only simple bind can be
> used. I have no idea how practical this would be.
I think the only thing we could add here is SASL Binds for the
rootdn/administrative user.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support