
identity assertion in back-ldap



I've committed a major improvement in identity assertion
for back-ldap, i.e. now the proxy can bind via SASL, and
do SASL authorization if required, thus avoiding the
repeated proxyAuthz control at every operation.  I plan to
extend the SASL bind to the binddn/bindpw; SASL
operations need some cleanup yet, but it's essentially
working.

This required deferring slap_sasl_destroy() until after backend
destruction, otherwise sasl_done would be called before
the ldap_unbind() in back-ldap destruction, causing client
library sasl operations on invalid SASL data structures.

I wonder if any other auth method should be made available?

Unfortunately, I ran out of manpower (myself ;) for this
week (including weekend).  I'd appreciate some feedback,
to focus on essential features.

Ciao, p.
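
The teardown-ordering problem described in the message, as an added toy model in C. It is not part of the original message and is not OpenLDAP or Cyrus SASL code; every `lib_*`, `conn_*` and `shutdown_*` name is hypothetical.

```c
/* Toy model: process-wide library state (standing in for what sasl_done()
 * releases) and a client connection that still needs it while unbinding. */
#include <stdio.h>
#include <stdlib.h>

static int *lib_users = NULL;            /* global library state */

static void lib_init(void) { lib_users = calloc(1, sizeof *lib_users); }
static void lib_done(void) { free(lib_users); lib_users = NULL; }

typedef struct { int bound; } conn_t;

static conn_t *conn_open(void) {
    conn_t *c;
    if (lib_users == NULL || (c = malloc(sizeof *c)) == NULL) return NULL;
    c->bound = 1;
    (*lib_users)++;                      /* connection registers with the library */
    return c;
}

/* Returns 0 on a clean unbind, -1 if the library state is already gone.
 * The NULL check stands in for what would be a use of freed memory. */
static int conn_unbind(conn_t *c) {
    int rc = -1;
    if (lib_users != NULL) { (*lib_users)--; rc = 0; }
    free(c);
    return rc;
}

/* Problem order: library torn down before the backend's connection. */
int shutdown_library_first(void) {
    lib_init();
    conn_t *c = conn_open();
    if (c == NULL) return -2;
    lib_done();
    return conn_unbind(c);               /* library state no longer valid */
}

/* Deferred order: backend connection unbinds, then the library goes away. */
int shutdown_backend_first(void) {
    lib_init();
    conn_t *c = conn_open();
    if (c == NULL) return -2;
    int rc = conn_unbind(c);
    lib_done();
    return rc;
}

int main(void) {
    printf("library first: %d\n", shutdown_library_first());
    printf("backend first: %d\n", shutdown_backend_first());
    return 0;
}
```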