Re: Authentication in referrals
>> 2) as a workaround, you could hide your replica behind a back-ldap,
>> because it can handle this on behalf of your client, if you're using
>> simple bind: create a proxy server with a back-ldap instance and add
>> the "rebind-as-user" directive; see slapd-ldap(5) for further details.
>> Then your client must access the proxy instead of the real replica.
> Hm... I think having back-ldap & back-meta support SASL binds would be
> useful. I had an application I couldn't support because they don't.
> The general issue was there was a server on a VLAN that needed LDAP
> access. We wanted to put a back-ldap server on the bridge, so the
> application could talk to the back-ldap server, and the back-ldap
> server could talk to our normal servers. Unfortunately, we couldn't
> make the back-ldap server connect to our servers via SASL.
Open an ITS ;) Joking aside, I recall some traffic about this;
I think it was Howard. You may want to check the archives.
I don't remember if it wasn't done for technical reasons or what,
but in case we could think about it.
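
The back-ldap workaround quoted at the top of this message, sketched as a slapd.conf fragment. This is an added example, not configuration posted in the thread; the suffix and host name are placeholders, and the directives are the ones documented in slapd-ldap(5).

```conf
# Proxy slapd that clients contact instead of the real replica.
# Placeholder values: dc=example,dc=com and replica.example.com.
database        ldap
suffix          "dc=example,dc=com"

# The real replica sitting behind the proxy.
uri             "ldap://replica.example.com/"

# Let the proxy follow referrals returned by the replica instead of
# handing them back to the client.
chase-referrals yes

# Remember the client's simple-bind credentials and reuse them when
# chasing a referral or re-establishing a broken connection.
# This only covers simple bind, as noted in the thread.
rebind-as-user  yes
```

With rebind-as-user enabled the proxy keeps each client's bind DN and password in memory for the life of the connection, so the proxy host needs the same protection as the directory servers it fronts.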