[Date Prev][Date Next]
identity assertion in back-ldap
- To: openldap-devel@OpenLDAP.org
- Subject: identity assertion in back-ldap
- From: Pierangelo Masarati <firstname.lastname@example.org>
- Date: Sat, 15 May 2004 10:16:09 +0200
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
I've committed a major improvement in identity assertion
for back-ldap, i.e. now the proxy can bind via SASL, and
do SASL authorization if required, thus avoiding the
repeated proxyAuthz control at every operation. I plan to
extend the SASL bind to the binddn/bindpw; SASL
operations need some cleanup yet, but it's essentially
This required to defer slap_sasl_destroy() after backend
destruction, otherwise sasl_done would be called before
the ldap_unbind() in back-ldap destruction, causing client
library sasl operations on invalid SASL data structures.
I wonder if any other auth method should be made available?
Unofrtunately, I ran out of man power (myself ;)for this
week (including weekend). I'd appreciate some feedback,
to focus on essential features.