
Re: Proxy Authentication



At 11:20 AM 6/29/2005, Matt Yacobucci wrote:
>Must SASL be used to proxy auth for other users?

No.  slapd(8) supports the Proxied Authorization Control.
(I don't recall the precise release it was introduced in,
but it is supported in the latest stable release (2.2.26)
as well as all subsequent releases.)

>I guess really what I'm asking is if I can use ldap_simple_bind_s with
>the LDAPControl and oid of LDAP_CONTROL_PROXY_AUTHZ, or must an
>ldap_sasl_bind method be used?

It is not appropriate to attach the Proxied Authorization
control to a Bind request (simple or SASL).  See the
internet-draft specification (a work in progress).
(I note that issues with the specification of this LDAP
extension (as most others) may be directed to the
<ldapext@ietf.org> mailing list.)

ldapwhoami(1) and ldapsearch(1) may be quite useful in
testing proxied authorization.

Kurt
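
Added example, not part of the original message and not OpenLDAP code: a hand-rolled BER encoder showing the ordering described above, where the simple Bind goes out with no controls and the Proxied Authorization control rides on the following operation (here a "Who am I?" extended request). It assumes the RFC 4370 form of the control (criticality TRUE, authzId as the control value); the function names, DNs and password are constructed for illustration.

```python
# Added example: builds LDAP PDUs by hand; all DNs and the password are constructed.
PROXY_AUTHZ_OID = b"2.16.840.1.113730.3.4.18"   # LDAP_CONTROL_PROXY_AUTHZ
WHOAMI_OID = b"1.3.6.1.4.1.4203.1.11.3"         # "Who am I?" extended operation
BIND_REQUEST_TAG = 0x60                          # [APPLICATION 0] BindRequest


def tlv(tag: int, content: bytes) -> bytes:
    """BER tag-length-value with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def proxy_authz_control(authzid: str) -> bytes:
    """Control ::= SEQUENCE { controlType, criticality TRUE, controlValue }."""
    return tlv(0x30, tlv(0x04, PROXY_AUTHZ_OID) + tlv(0x01, b"\xff")
               + tlv(0x04, authzid.encode("utf-8")))


def simple_bind(dn: str, password: str) -> bytes:
    """BindRequest: version 3, name, simple [0] password."""
    return tlv(BIND_REQUEST_TAG, tlv(0x02, b"\x03") + tlv(0x04, dn.encode())
               + tlv(0x80, password.encode()))


def whoami_request() -> bytes:
    """ExtendedRequest [APPLICATION 23] carrying requestName [0]."""
    return tlv(0x77, tlv(0x80, WHOAMI_OID))


def ldap_message(msgid: int, op: bytes, controls: tuple = ()) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID, protocolOp, controls [0] OPTIONAL }."""
    if op[0] == BIND_REQUEST_TAG and any(PROXY_AUTHZ_OID in c for c in controls):
        raise ValueError("proxied authorization control does not belong on a Bind")
    body = tlv(0x02, bytes([msgid])) + op   # msgid must be 1..127 in this sketch
    if controls:
        body += tlv(0xA0, b"".join(controls))
    return tlv(0x30, body)


def proxied_whoami(bind_dn: str, password: str, authzid: str) -> list:
    """Bind as the proxy identity first, then ask whoami as the target identity."""
    return [ldap_message(1, simple_bind(bind_dn, password)),
            ldap_message(2, whoami_request(), (proxy_authz_control(authzid),))]
```

The server still decides whether the bound identity is permitted to assume the requested authzId; the client only chooses which request carries the control.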