Re: ADSI distributed queries CONVERT failures w/ OpenLDAP
> Egor Shokurov wrote:
>
> Hello
> Our team is in the process of making a decision on which
> LDAP server and access method to use for the ongoing
> project.
>
> Alternatives for the server are:
> - MS Active Directory
> - Open LDAP
> - Netscape Directory
If you need some more candidates:
- IBM Secure Way Directory
- Novell eDirectory
> Client side should run on NT/w2k, variants I can think of are:
> - OpenLDAP C API
> - MS ADSI
> - MS Winldap
> - Netscape C LDAP API
> - MS ADSI through OLE DB
Both IBM and Novell offer C and Java libraries.
> I see that at least one person has problems connecting ADSI to
> OpenLDAP. Is there any other comment on compatibility of products
> above? Maybe any usability/performance suggestions?
If you want to use GSSAPI as authentication mechanism you might run into
some problems with AD:
- server side: AD ignores buffer sizes (for privacy protection)
negotiated by GSSAPI.
- wldap32.lib clients: OID encoding for GSS-KRB5 method is wrong in
GSS-SPNEGO (workaround: use ldap_set_option to use GSSAPI directly)
- wldap32.lib clients: the service principal used is LDAP/host@REALM,
but should be ldap/host@REALM (rfc2829, 11.)
--
Norbert Klasen
DFN Directory Services tel: +49 7071 29 70335
ZDV, Universität Tübingen fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen http://www.directory.dfn.de
Germany norbert.klasen@zdv.uni-tuebingen.de
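
An added example, not part of the original message: a small C check that decodes a mechType OID taken from a GSS-SPNEGO token and tells the standard Kerberos 5 OID from a mis-encoded one. It assumes the OID problem mentioned above is the one documented in RFC 4178 Appendix C, where 1.2.840.113554.1.2.2 is sent as 1.2.840.48018.1.2.2 (113554 truncated to 16 bits); the function, enum and sample names are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Decode DER OID content bytes (no tag/length) to dotted text; 0 on success. */
int oid_to_string(const unsigned char *der, size_t len, char *out, size_t outsz)
{
    size_t i = 0, pos = 0;
    int n, more;
    if (len == 0) return -1;
    while (i < len) {
        unsigned long arc = 0, a;
        if (der[i] == 0x80) return -1;                  /* non-minimal arc */
        do {
            if (i == len) return -1;                    /* truncated inside an arc */
            if (arc >> (sizeof arc * 8 - 7)) return -1; /* arc would overflow */
            more = der[i] & 0x80;
            arc = (arc << 7) | (der[i++] & 0x7f);
        } while (more);
        a = arc < 80 ? arc / 40 : 2;   /* first subidentifier packs two arcs */
        n = pos == 0 ? snprintf(out, outsz, "%lu.%lu", a, arc - a * 40)
                     : snprintf(out + pos, outsz - pos, ".%lu", arc);
        if (n < 0 || (size_t)n >= outsz - pos) return -1;  /* buffer too small */
        pos += (size_t)n;
    }
    return 0;
}

enum mech_kind { MECH_OTHER, MECH_KRB5, MECH_KRB5_TRUNCATED, MECH_MALFORMED };

/* Classify one mechType OID taken from a SPNEGO token. */
enum mech_kind classify_mech(const unsigned char *der, size_t len)
{
    char s[64];
    if (oid_to_string(der, len, s, sizeof s) != 0) return MECH_MALFORMED;
    if (strcmp(s, "1.2.840.113554.1.2.2") == 0) return MECH_KRB5;
    if (strcmp(s, "1.2.840.48018.1.2.2") == 0) return MECH_KRB5_TRUNCATED;
    return MECH_OTHER;
}

/* Constructed sample inputs: OID content bytes, standard and truncated form. */
static const unsigned char KRB5_OK[]  = {0x2a,0x86,0x48,0x86,0xf7,0x12,1,2,2};
static const unsigned char KRB5_BAD[] = {0x2a,0x86,0x48,0x82,0xf7,0x12,1,2,2};

int main(void)
{
    printf("%d %d\n", (int)classify_mech(KRB5_OK, sizeof KRB5_OK),
           (int)classify_mech(KRB5_BAD, sizeof KRB5_BAD));
    return 0;
}
```

A server or interop test harness can log the `MECH_KRB5_TRUNCATED` case separately, which makes it easy to see which clients need the direct-GSSAPI workaround.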