-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Quanah
Gibson-Mount
Hello,
in reading the back-ldap man page, I don't see that it is
possible to proxy
via GSSAPI. In the case I'm looking at, we'd have a machine
running slapd,
that would have its own authcId. It would use that authcId
when proxying
requests to get the information it wants from our openldap
servers. Am I
correct thinking this can't be done with back-ldap as it
currently stands?
Not entirely sure of what you mean by proxying, since it has two different
meanings that may be relevant here. But I'm fairly sure the answer for
2.1 is it can't be done.
back-ldap forwards requests using the same ID/credentials that it
received. This only works for simple binds. It could be made to work for
other mechanisms by way of the Proxy Authorization control. Perhaps this
would be a good feature to add in
a future release. Certainly I would prefer to see it behave this way; it
would make connection management much much simpler.