[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-config again



On Monday, March 29, 2004, at 08:35 AM, Kurt D. Zeilenga wrote:
At 11:21 PM 3/28/2004, Michael Ströder wrote:
...
And what would happen if one would like to build --without-cyrus-sasl?

Builtin EXTERNAL (coming soon I hope) or slapadd(8).

Builtin EXTERNAL? Is that an oxymoron or what?

We've been using a hack to simple bind to authenticate with SSL
certificates, in 2.1 and 2.2, mainly so we could support client
libraries on some MS Windows & MacOS X platforms that have SASL
but no `external' option.  The client basically just sends some
standard stuff, that would not be valid in a normal simple bind,
to signal it wants a certificate bind.  It's 100 or so lines of
extra code in bind.c, but mods to existing code are limited to
one spot.

I don't think it would require Cyrus SASL on the server, either,
though I haven't tried it.  The only obvious sasl requirement is
slap_sasl_regexp().

I'm guessing this may actually be a heresy and not what you meant,
but it does work with any old LDAP client.

	Donn Cave, University Computing Services, University of Washington
	donn@u.washington.edu