[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using Kerberos to authenticate as manager

Today at 8:59am, Dave Smith wrote:

> I know that OpenLDAP can be used in conjunction with kerberos to
> authenticate users, but I would like to know if (like Postgres and
> others), I can use a kerberos ticket to authenticate to the directory
> as manager.

WARNING: I have not done this....  So, I may be completely wrong...

If you are using 2.1.x (I am not), you should be able to associate via
GSSAPI a specific kerberos identity with the manager if you put an entry
in the database for the manager.

In 2.0.x, you would need to put the special syntax into your ACL's
giving the SASL id (I forget the exact syntax, but Turbo spelled it out
in http://www.bayour.com/LDAPv3-HOWTO.html) full authority to do
create/delete all entries.

Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===