[Date Prev][Date Next] [Chronological] [Thread] [Top]

Ref : (ITS#4057) [feature request] allow to defer bind to targets in back-meta when binding as rootdn



This is a multipart message in MIME format.
--=_alternative 002D215FC125708F_=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi;
This feauture is very helpful.=20
It avoids polluting your target directories on LAN and WAN with undesired=20
and irrelevant BIND requests.
I use back meta since 2003 and I have to patch each version to avoid this=20
BIND propagation (which is versy costy in some cases).

I can submit my patch for 2.3.7 if necessary (I know it is not aimed at=20
general use).

Best regards
Ali Pouya








ando@sys-net.it
Envoy=E9 par : owner-openldap-bugs@OpenLDAP.org
01/10/2005 10:57

=20
        Pour :  openldap-its@OpenLDAP.org
        cc :=20
        Objet : (ITS#4057) [feature request] allow to defer bind to targets=
 in back-meta=20
when binding as rootdn


Full=5FName: Pierangelo Masarati
Version: any
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.74.43.82)
Submitted by: ando


back-meta implements the pseudorootn feature; this is a sort of a subset=20
of the
identity assertion implemented in back-ldap, consisting in mapping the=20
client
identity onto a well-known identity for each of the target servers when=20
bound as
the rootdn of the meta backend.  While having identity assertion would be=20
fine,
a minimal enhancement would be to defer target binds to the time they're
actually needed by subsequent operations, allowing the client's=20
authentication
to be evaluated by the proxy database alone.





--=_alternative 002D215FC125708F_=
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<br><font size=3D2 face=3D"sans-serif">Hi;</font>
<br><font size=3D2 face=3D"sans-serif">This feauture is very helpful. </fon=
t>
<br><font size=3D2 face=3D"sans-serif">It avoids polluting your target dire=
ctories on LAN and WAN with undesired and irrelevant BIND requests.</font>
<br><font size=3D2 face=3D"sans-serif">I use back meta since 2003 and I hav=
e to patch each version to avoid this BIND propagation (which is versy cost=
y in some cases).</font>
<br>
<br><font size=3D2 face=3D"sans-serif">I can submit my patch for 2.3.7 if n=
ecessary (I know it is not aimed at general use).</font>
<br>
<br><font size=3D2 face=3D"sans-serif">Best regards</font>
<br><font size=3D2 face=3D"sans-serif">Ali Pouya</font>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<table width=3D100%>
<tr valign=3Dtop>
<td>
<td><font size=3D1 face=3D"sans-serif"><b>ando@sys-net.it</b></font>
<br><font size=3D1 face=3D"sans-serif">Envoy=E9 par : owner-openldap-bugs@O=
penLDAP.org</font>
<p><font size=3D1 face=3D"sans-serif">01/10/2005 10:57</font>
<br>
<td><font size=3D1 face=3D"Arial">&nbsp; &nbsp; &nbsp; &nbsp; </font>
<br><font size=3D1 face=3D"sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Pour : &=
nbsp; &nbsp; &nbsp; &nbsp;openldap-its@OpenLDAP.org</font>
<br><font size=3D1 face=3D"sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; cc : &nb=
sp; &nbsp; &nbsp; &nbsp;</font>
<br><font size=3D1 face=3D"sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Objet : =
&nbsp; &nbsp; &nbsp; &nbsp;(ITS#4057) [feature request] allow to defer bind=
 to targets in back-meta when binding as rootdn</font></table>
<br>
<br>
<br><font size=3D2 face=3D"Courier New">Full=5FName: Pierangelo Masarati<br>
Version: any<br>
OS: irrelevant<br>
URL: ftp://ftp.openldap.org/incoming/<br>
Submission from: (NULL) (81.74.43.82)<br>
Submitted by: ando<br>
<br>
<br>
back-meta implements the pseudorootn feature; this is a sort of a subset of=
 the<br>
identity assertion implemented in back-ldap, consisting in mapping the clie=
nt<br>
identity onto a well-known identity for each of the target servers when bou=
nd as<br>
the rootdn of the meta backend. &nbsp;While having identity assertion would=
 be fine,<br>
a minimal enhancement would be to defer target binds to the time they're<br>
actually needed by subsequent operations, allowing the client's authenticat=
ion<br>
to be evaluated by the proxy database alone.<br>
<br>
<br>
</font>
<br>
<br>
--=_alternative 002D215FC125708F_=--