[Date Prev][Date Next]
On Thu, 02 Aug 2001, Daniel Tiefnig spewed into the ether:
Thanks for the comments, I need to use the C API though.
> > Is this workable, or would storing user passwords encrypted in LDAP
> > and having each application verify them individually be better?
> your storing userpasswords in LDAP anyway, i think. which solution is better
> depends on the usecase, i'd say. opening multiple connections allows you to
> benefit from a multithreaded LDAP e.g.
Nope, passwords go into sasldb. My point is that I have multiple
applications which need to access this data. Having to change lots of
applications to handle such changes isn't fun, particulary when the
changes might not be rolled back into the main distro.
I would prefer not to allow anonymous binds at all, personally. Also
being a lazy sysadmin, I prefer to code less ;). If openldap can handle
the password checking for me, it should.
Repeated checks so that a single SSL session can be reused.
A little suffering is good for the soul.
-- Kirk, "The Corbomite Maneuver", stardate 1514.0