[Date Prev][Date Next] [Chronological] [Thread] [Top]

identity assertion in back-ldap

I've committed a major improvement in identity assertion
for back-ldap, i.e. now the proxy can bind via SASL, and
do SASL authorization if required, thus avoiding the
repeated proxyAuthz control at every operation.  I plan to
extend the SASL bind to the binddn/bindpw; SASL
operations need some cleanup yet, but it's essentially

This required to defer slap_sasl_destroy() after backend
destruction, otherwise sasl_done would be called before
the ldap_unbind() in back-ldap destruction, causing client
library sasl operations on invalid SASL data structures.

I wonder if any other auth method should be made available?

Unofrtunately, I ran out of man power (myself ;)for this
week (including weekend).  I'd appreciate some feedback,
to focus on essential features.

Ciao, p.