SASL support in back-ldap & back-meta (ITS#3022)
Full_Name: Quanah Gibson-Mount
Version: 2.2.6
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (171.64.19.82)
I think it would be very useful to have SASL support in the back-ldap &
back-meta backends. I have a few cases where I think this would be useful:
1) Have an application on a VLAN that cannot see the directory service. As a
workaround, set up a back-ldap server on the bridge between VLAN & normal
internet, that can see both systems. The application does a bind to the
back-ldap server, which either (a) forwards the credentials of the application
via the back-ldap server to the directory service, or (b) does a bind to the
back-ldap server, which then does its own bind (GSSAPI) to the directory
service. The directory service in this case has ACLs for the back-ldap server,
and returns attributes accordingly.
2) Replication to AD via back-ldap & back-meta and GSSAPI. AD supports GSSAPI
binds, and could be replicated to via GSSAPI. Unfortunately, AD has its own
custom schema. So what I would like to be able to do, is set up a backend
server that would replicate to AD via schema mappings in back-meta and/or
back-ldap. Something I'm not quite sure on there are little schema bits like SN
being singular instead of multiple in AD, but I suppose that is a separate
issue.
--Quanah