Re: Authentication in referrals

--On Monday, March 15, 2004 2:54 PM +0100 Pierangelo Masarati <ando@sys-net.it> wrote:

2) as a workaround, you could hide your replica behind a back-ldap,
because it can handle this on behalf of your client, if you're using
simple bind: create a proxy server with a back-ldap instance and add the
"rebind-as-user" directive; see slapd-ldap(5) for further details.  Then
your client must access the proxy instead of the real replica.

Hm... I think having back-ldap & back-meta support SASL binds would be useful. I had an application I couldn't support because they don't. The general issue was there was a server on a VLAN that needed LDAP access. We wanted to put a back-ldap server on the bridge, so the application could talk to the back-ldap server, and the back-ldap server could talk to our normal servers. Unfortunately, we couldn't make the back-ldap server connect to our servers via SASL.


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html