[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL support in back-ldap & back-meta (ITS#3022)

Full_Name: Quanah Gibson-Mount
Version: 2.2.6
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I think it would be very useful to have SASL support in the back-ldap &
back-meta backends.  I have a few cases where I think this would be useful:

1) Have an application on a VLAN that cannot see the directory service.  As a
workaround, set up a back-ldap server on the bridge between VLAN & normal
internet, that can see both systems.  The application does a bind to the
back-ldap server, which either (a) forwards the credentials of the application
via the back-ldap server to the directory service, or (b) does a bind to the
back-ldap server, which then does its own bind (GSSAPI) to the directory
service.  The directory service in this case has ACL's for the back-ldap server,
and returns attributes accordingly.

2) Replication to AD via back-ldap & back-meta and GSSAPI.  AD supports GSSAPI
binds, and could be replicated to via GSSAPI.  Unfortunately, AD has its own
custom schema.  So what I would like to be able to do, is set up a backend
server that would replicate to AD via schema mappings in back-meta and/or
back-ldap.  Something I'm not quite sure on there are little schema bits like SN
being singular instead of multiple in AD, but I suppose that is a seperate