[Date Prev][Date Next]
Re: commit: ldap/tests/scripts test028-idassert conf.sh
Quanah Gibson-Mount wrote:
I've finally gotten to the point where I would like to start testing
back-ldap with SASL.
One of my initial concerns in reading the man page in 2.3.1 alpha is
that the acl-authcDN that is used to query the ACL's from the target
server appears to only support simple binds. In Stanford's
environment, we don't support simple binds at all, which means I have
no way of letting back-ldap (or back-meta) query the target server for
the ACL information.
However, I understand my reading of this may be entirely incorrect,
and that there is a way to set the acl-authcDN and combine that with
the idassert feature so that a SASL mech can be used to do the bind
to the target server for ACL information. Can you let me know if I'm
incorrect in my assumption on the simple bind?
In short, currently acl-authcDN only does simple bind; I was planning to
port the SASL stuff of idassert to it, but I havent' done it yet, and I
don't think I'll do shortly, essentially because I'd like first to merge
the identity configuration stuff with back-config's, since there might
be a lot of commonality. If you want to play with SASL auth for
back-ldap, I could prepare a quick fix, so that you can start and see if
it fits your needs (I have no idea whether the idassert SASL authc works
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497