[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap proxy/cache/replication, ala AD

To: kgorling@physik.TU-Berlin.DE
Subject: Re: ldap proxy/cache/replication, ala AD
From: Luke Howard <lukeh@padl.com>
Date: Thu, 7 Oct 2004 11:16:41 +1000
Cc: OpenLDAP-software@OpenLDAP.org
Organization: PADL Software Pty Ltd
References: <200410041349.47842.mike.williams@comodo.com> <200410061738.41406.mike.williams@comodo.com> <20041006183021.GB54763@rosa.physik.tu-berlin.de>
Versions: dmail (bsd44) 2.6d/makemail 2.10

>> Taking my example of a laptop user:
>> UserA logins, does some work, logs out, and goes home taking the laptop.
>> UserA wants to do some work at home, but, oh no, he can't login as the LDAP 
>> server isn't available.
>> 
>> In a windows domain infrastructure UserA's credentials would have been cached, 
>
>I'm quite sure AD uses an other mechanism outside of LDAP to do this.
>Otherwise it would be a horrible security-breach: You are suggesting,
>that every User has its own LDAP-Server on his own Laptop, so 
>extracting confidential Data would be real easy.

Although they are not yet ready for production, you might find the
following interesting:

	http://www.padl.com/OSS/pam_ccreds.html
	http://www.padl.com/OSS/nss_updatedb.html

-- Luke

--

References:
- ldap proxy/cache/replication, ala AD
  - From: Mike Williams <mike.williams@comodo.com>
- Re: ldap proxy/cache/replication, ala AD
  - From: Mike Williams <mike.williams@comodo.com>
- Re: ldap proxy/cache/replication, ala AD
  - From: Karsten Gorling <kgorling@physik.TU-Berlin.DE>

Prev by Date: Re: regex in group ACL
Next by Date: Using PHP with LDAP
Index(es):
- Chronological
- Thread