
Re: Need to configure openLDAP client to request authentication in LDAP version 2 format



On Tuesday 24 June 2008 18:54:24 Quanah Gibson-Mount wrote:
> --On Tuesday, June 24, 2008 6:38 PM +0200 Buchan Milne <bgmilne@staff.telkomsa.net> wrote:
> > On Tuesday 24 June 2008 18:20:28 Quanah Gibson-Mount wrote:
> >> --On Monday, June 23, 2008 11:28 AM -0400 kenglund <kenglund@sbc.edu> wrote:
> >> > Hello,
> >> >
> >> >
> >> >
> >> > I am installing a new version of our Zope/Plone software for hosting
> >> > our web portal.  The new software is using a product called PloneLDAP,
> >> > which (I think) in turn requests authentication using openLDAP client.
> >> > openLDAP is authenticating through our mail server, which wants bind
> >> > requests in version 2 format. Modification of the mail server software
> >> > to use version 3 authentication does not seem to be an option, as
> >> > (according to my Tech guy) it is "really not LDAP", but has an "LDAP
> >> > Like" interface.  The interface requires the bind to look like this:
> >>
> >> Either your tech guy is on crack, since LDAP v3 is the current LDAP
> >> protocol version, and has been for many years, or you have a
> >> misunderstanding somewhere along the way of what they were saying.
> >
> > Or, the software in question *really* only does do LDAPv2. This is the
> > case  with a lot of proprietary software from supposedly reputable
> > vendors.
>
> Whether or not the software only does LDAPv2 in no way relates to saying
> that "ldapv3 is really not ldap".  That's why I said either the guy is on
> crack, or there was a misunderstanding (i.e., the software only does
> ldapv2, and trying to do ldapv3 would be a hack, etc).

Well, there is software out there that presents an LDAP-like interface to data
primarily intended for other purposes, but that you would typically not
consider to be an LDAP server. CommunigatePro is one that comes to mind. As
such, it may not support LDAPv3, and also could be considered to qualify
as "really not LDAP".

(back-sql, or Oracle OID don't really qualify here, as it is possible to write 
to them via the LDAP protocol, whereas CommunigatePro does not allow writes 
at all).

However, CommunigatePro does apparently also allow one to use a real LDAP
server instead of its internal per-user-file-based user list ... but I
didn't try it, we just migrated a few hundred thousand users off it onto
something better.

Regards,
Buchan
