[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
>Yea, I have cyrus-sasl in my ldap server (due to be released rsn, so
>you may still beat me to it :-) I have also thought about the
Hmm, are you working on OpenLDAP? If so, we should probably co-
ordinate efforts (or at least I should stop working on it, I only
started tonight :-)).
>ldap-backend-to-hdb idea (a backend I believe is the right abstraction)
>and would be interested in working on that. I guess one might start
>by figuring out what the schema looks like.
Sure. I think the tricky thing will be to make the mapping between
Kerberos and LDAP administrative domains flexible without making it
unnecessarily complicated. For example, W2K makes a few assumptions
about the mapping between realms and naming contexts which aren't
particularly flexible. I think some of these issues will have to
be resolved as part of adding SASL support, anyway. (So perhaps
you have already thought of them :^)).
Also, I have patches for OpenLDAP to support a domain socket transport
which should be more reliable for local (eg. KDC -> LDAP server
connections), as well as providing some semblance of a trusted
FYI, MS are releasing the client-side part of our GSS-SASL code
as part of their AD/UNIX interop sample code.
PADL Software Pty Ltd