[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5856) adauth overlay contribution

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5856) adauth overlay contribution
From: neil.dunbar@hp.com
Date: Tue, 16 Dec 2008 14:54:21 GMT

Andrew: 
> One suggestion following a very quick scan of the code: I think it
> would be worth bringing the warning about turning off TLS checks
> into the manual page.

Agreed. Done.

> In particular, there is no reason for this
> to be AD-specific and it should be easy to adapt it to authenticate
> against any [collection of] remote LDAP servers.

Actually, it may not be AD specific as is. If you define default_domain
to be some rubbish, and default_realm to be the remote AD server, then
everything else (including the remote bind DN) can be fetched from the DIT.
But I haven't tried this. But what wouldn't get passed back is any
information flowing from password controls - and that's an annoyance, which
is why I didn't generalise the code (and because HP had no business need
for that approach anyway).

Cheers,

Neil
-- 
SSL, HP Labs/Office of Strategy and Technology Hewlett-Packard Limited
Registered Office:
 Cain Road, Bracknell, Berks
 RG12 1HN                             Registered No: 690597 England

Prev by Date: Re: (ITS#5858) Segfault with overlay ppolicy
Next by Date: (ITS#5863) assertion failed in ber_bvreplace_x() with translucent overlay
Index(es):
- Chronological
- Thread