Re: [Heimdal PATCH] LDAP backend support for OpenLDAP 2.1.x
>Well, you do need to patch the hdb-ldap.c file because it has a new call
>to do an EXTERNAL SASL mechanism to use the local IPC LDAPI interface
>between the kadmin tool and the slapd backend. (The old OpenLDAP release
>2.0.x didn't require any bind mechanism to access the LDAP server). It
^^^^^^
Actually, 2.1.x supports anonymous reads, but not anonymous writes (as
did 2.0.x).
>Moreover this patch is important because people trying to use the LDAP
>backend with the latest OpenLDAP releases won't be able to use this
>functionality because they wouldn't bind to the OpenLDAP Server.
You will also want a SASL regexp to map to the root DN (or some other
user with appropriate permissions):
For example:
sasl-regexp uidNumber=0\\\+gidNumber=0,cn=peercred,cn=external,cn=auth "cn=Directory Manager,dc=sics,dc=se"
>@@ -1104,7 +1118,7 @@
> ret = asprintf(&dn, "cn=%s,%s", name, db->name);
> } else {
> /* A bit bogus, but we don't have a search base */
>- ret = asprintf(&dn, "cn=%s", name, db->name);
>+ ret = asprintf(&dn, "cn=%s", name);
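Review bot: in both asprintf() calls of this hunk, name is formatted into the DN unescaped, so a name containing DN special characters such as ',', '+', '"' or '\' would produce a malformed DN or one with extra RDN components; escape name per RFC 2253 before building dn. The visible lines also do not show ret being checked; asprintf() returns -1 on failure and dn is then not usable, so test ret < 0 before passing dn on. Dropping the unused db->name argument from the one-%s format is correct, and building with format warnings enabled would flag this kind of mismatch.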
Well spotted. Love, can you integrate Alberto's patch?
regards,
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com