[Date Prev][Date Next]
Re: Munging an OpenLDAP slapd server
>I think you could just use saslauthd to forward the password stuff to the
>KDC, to get whether or not they can bind?
>Principal Software Developer
>GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
Thanks for the response. However, I'm not sure I expressed my need
correctly given your reply.
The bind stuff is done already from an earlier application, and it
works. It's the SEARCH when it's in an anonymous bind state that I
need to implement.
When I'm bound to anonymously, I'll then receive a search with a
filter of (uid=xxx) to which I must a search result of a single entry,
a DN of "uid=xxx,ou=zzz,dc=nn,dc=mm", and then get my munged slapd to
return that appropiately.
Alternatively, If I decide I want to claim there are not matches
to the filter specified, I need to get my munged slapd to return
the appropriate results for "search found nothing."
What I need help with is the anonymous search from the viewpoint of
slapd and its source files. I need to know which slapd source
modules I'd need to change, how I'd find the uid=xxx value desired in
the search request received, how to return an unsuccessful search
result, and how to return a successful search result.
I'll apply these changes to the source tree for slapd, along with
the already changed bind.c code that implements satisfactorally the
non-anonymous bind against the KDC.
+----"Never Underestimate the bandwidth of a station wagon full of mag tapes"--+
| J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@psu.edu
| Systems Design Specialist - Lead AT&T: (814) 865-1818
| Digital Library Technologies FAX: (814) 863-3560
| 3 Paterno Library "I'd rather be dancing..."
| Penn State University A host is a host from coast to coast,
| University Park, PA 16802 And no one will talk to a host that's close
| <email@example.com> Unless the host that isn't close
| EMail Professional since 1978 Is busy, hung or dead.
+---------"He's dead, Jim. I'll get his tricorder. You take his wallet."-------+
[apologies to DeForest Kelley, 1920-1999]
<A Href="http://perdita.lcs.psu.edu">home page</a>
<a Href="http://perdita.lcs.psu.edu/junkdec.htm">junk mail declaration</a>
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL