[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/tests/scripts test028-idassert conf.sh

Quanah Gibson-Mount wrote:

I've finally gotten to the point where I would like to start testing back-ldap with SASL.

One of my initial concerns in reading the man page in 2.3.1 alpha is that the acl-authcDN that is used to query the ACL's from the target server appears to only support simple binds. In Stanford's environment, we don't support simple binds at all, which means I have no way of letting back-ldap (or back-meta) query the target server for the ACL information.

However, I understand my reading of this may be entirely incorrect, and that there is a way to set the acl-authcDN and combine that with the idassert feature so that a SASL mech can be used to do the bind to the target server for ACL information. Can you let me know if I'm incorrect in my assumption on the simple bind?

In short, currently acl-authcDN only does simple bind; I was planning to port the SASL stuff of idassert to it, but I havent' done it yet, and I don't think I'll do shortly, essentially because I'd like first to merge the identity configuration stuff with back-config's, since there might be a lot of commonality. If you want to play with SASL auth for back-ldap, I could prepare a quick fix, so that you can start and see if it fits your needs (I have no idea whether the idassert SASL authc works with GSSAPI).


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497