[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5856) adauth overlay contribution

> One suggestion following a very quick scan of the code: I think it
> would be worth bringing the warning about turning off TLS checks
> into the manual page.

Agreed. Done.

> In particular, there is no reason for this
> to be AD-specific and it should be easy to adapt it to authenticate
> against any [collection of] remote LDAP servers.

Actually, it may not be AD specific as is. If you define default_domain
to be some rubbish, and default_realm to be the remote AD server, then
everything else (including the remote bind DN) can be fetched from the DIT.
But I haven't tried this. But what wouldn't get passed back is any
information flowing from password controls - and that's an annoyance, which
is why I didn't generalise the code (and because HP had no business need
for that approach anyway).


SSL, HP Labs/Office of Strategy and Technology Hewlett-Packard Limited
Registered Office:
 Cain Road, Bracknell, Berks
 RG12 1HN                             Registered No: 690597 England