[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: EXTERNAL/ldap://

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Igor Brezac

> What do you think about making EXTERNAL/ldap://
> work the same as
> EXTERNAL/ldapi:///?  Unix domain sockets on solaris are not
> that great.
> :(

There is no mechanism for passing Unix credentials across an IP socket. The
SASL/EXTERNAL mechanism requires that the external security layer
communicates a user ID from the client to the server; you cannot do this over
an IP socket without a protocol like Kerberos, SSL, etc...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support