[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-config again

To: openldap-devel@OpenLDAP.org
Subject: Re: back-config again
From: Donn Cave <donn@u.washington.edu>
Date: Mon, 29 Mar 2004 09:52:00 -0800
In-reply-to: <6.0.1.1.0.20040329082641.048af728@127.0.0.1>

On Monday, March 29, 2004, at 08:35 AM, Kurt D. Zeilenga wrote:

At 11:21 PM 3/28/2004, Michael Ströder wrote:

...

And what would happen if one would like to build --without-cyrus-sasl?
Builtin EXTERNAL (coming soon I hope) or slapadd(8).


Builtin EXTERNAL?  Is that an oxymoron or what?

We've been using a hack to simple bind to authenticate with SSL
certificates, in 2.1 and 2.2, mainly so we could support client
libraries on some MS Windows & MacOS X platforms that have SASL
but no `external' option.  The client basically just sends some
standard stuff, that would not be valid in a normal simple bind,
to signal it wants a certificate bind.  It's 100 or so lines of
extra code in bind.c, but mods to existing code are limited to
one spot.

I don't think it would require Cyrus SASL on the server, either,
though I haven't tried it.  The only obvious sasl requirement is
slap_sasl_regexp().

I'm guessing this may actually be a heresy and not what you meant,
but it does work with any old LDAP client.

	Donn Cave, University Computing Services, University of Washington
	donn@u.washington.edu

Follow-Ups:
- builtin EXTERNAL (Was: back-config again)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- SSL authentication
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- Re: back-config again
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: back-config again
Next by Date: builtin EXTERNAL (Was: back-config again)
Index(es):
- Chronological
- Thread