[Date Prev][Date Next]
Re: (ITS#5856) adauth overlay contribution
> One suggestion following a very quick scan of the code: I think it
> would be worth bringing the warning about turning off TLS checks
> into the manual page.
> In particular, there is no reason for this
> to be AD-specific and it should be easy to adapt it to authenticate
> against any [collection of] remote LDAP servers.
Actually, it may not be AD specific as is. If you define default_domain
to be some rubbish, and default_realm to be the remote AD server, then
everything else (including the remote bind DN) can be fetched from the DIT.
But I haven't tried this. But what wouldn't get passed back is any
information flowing from password controls - and that's an annoyance, which
is why I didn't generalise the code (and because HP had no business need
for that approach anyway).
SSL, HP Labs/Office of Strategy and Technology Hewlett-Packard Limited
Cain Road, Bracknell, Berks
RG12 1HN Registered No: 690597 England