[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Munging an OpenLDAP slapd server

>I think you could just use saslauthd to forward the password stuff to the 
>KDC, to get whether or not they can bind?
>Quanah Gibson-Mount
>Principal Software Developer
>ITSS/Shared Services
>Stanford University
>GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

        Thanks for the response.  However, I'm not sure I expressed my need
        correctly given your reply.

        The bind stuff is done already from an earlier application, and it
        works.  It's the SEARCH when it's in an anonymous bind state that I
        need to implement.

        When I'm bound to anonymously, I'll then receive a search with a
        filter of (uid=xxx) to which I must a search result of a single entry,
        a  DN of "uid=xxx,ou=zzz,dc=nn,dc=mm", and then get my munged slapd to
        return that appropiately.  

        Alternatively, If I decide I want to claim there are not matches
        to the filter specified, I need to get my munged slapd to return 
        the appropriate results for "search found nothing."

        What I need help with is the anonymous search from the viewpoint of
        slapd and its source files.   I need to know which slapd source
        modules I'd need to change, how I'd find the uid=xxx value desired in
        the search request received, how to return an unsuccessful search
        result, and how to return a successful search result.

        I'll apply these changes to the source tree for slapd, along with
        the already changed bind.c code that implements satisfactorally the
        non-anonymous bind against the KDC.

+----"Never Underestimate the bandwidth of a station wagon full of mag tapes"--+
| J.Lance Wilkinson ("Lance")		InterNet:  Lance.Wilkinson@psu.edu 
| Systems Design Specialist - Lead	AT&T:      (814) 865-1818
| Digital Library Technologies		FAX:       (814) 863-3560
| 3 Paterno Library				"I'd rather be dancing..." 
| Penn State University		    A host is a host from coast to coast,
| University Park, PA 16802	    And no one will talk to a host that's close
| <postmaster@psulias.psu.edu>	    Unless the host that isn't close
| EMail Professional since 1978	    Is busy, hung or dead.
+---------"He's dead, Jim. I'll get his tricorder. You take his wallet."-------+
                [apologies to DeForest Kelley, 1920-1999]
<A Href="http://perdita.lcs.psu.edu";>home page</a> 
<a Href="http://perdita.lcs.psu.edu/junkdec.htm";>junk mail declaration</a>
--	/"\
	/ \