
Re: [Heimdal PATCH] LDAP backend support for OpenLDAP 2.1.x




>Well, you do need to patch the hdb-ldap.c file because it has a new call
>to do an EXTERNAL SASL mechanism to use the local IPC LDAPI interface
>between the kadmin tool and the slapd backend. (The old OpenLDAP release
>2.0.x didn't require any bind mechanism to access the LDAP server). It
                                            ^^^^^^

Actually, 2.1.x supports anonymous reads, but not anonymous writes (as
did 2.0.x).

>Moreover this patch is important because people trying to use the LDAP
>backend with the latest OpenLDAP releases won't be able to use this
>functionality because they wouldn't bind to the OpenLDAP Server. 

You will also want a SASL regexp to map to the root DN (or some other
user with appropriate permissions):

For example:

sasl-regexp uidNumber=0\\\+gidNumber=0,cn=peercred,cn=external,cn=auth "cn=Directory Manager,dc=sics,dc=se"

>@@ -1104,7 +1118,7 @@
> 	    ret = asprintf(&dn, "cn=%s,%s", name, db->name);
> 	} else {
> 	    /* A bit bogus, but we don't have a search base */
>-	    ret = asprintf(&dn, "cn=%s", name, db->name);
>+	    ret = asprintf(&dn, "cn=%s", name);
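
Review bot: In both branches of this hunk, `name` is formatted straight into the DN (`"cn=%s,%s"` and `"cn=%s"`) and nothing in the visible lines escapes it, so a name containing a DN special character such as `,` or `+` would yield a DN with a different structure than intended. Unless `name` is already escaped earlier in the function, escape it per RFC 2253 before the `asprintf` calls. Dropping the surplus `db->name` argument is correct, since the format string has a single `%s`.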

Well spotted. Love, can you integrate Alberto's patch?

regards,

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com