[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication in referrals

To: ando@sys-net.it, openldap-software@OpenLDAP.org
Subject: Re: Authentication in referrals
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Mon, 15 Mar 2004 08:57:59 -0800
Content-disposition: inline
In-reply-to: <37680.131.175.154.56.1079358865.squirrel@webmail.sys-net.it>
References: <4055A619.7000807@unavarra.es> <37680.131.175.154.56.1079358865.squirrel@webmail.sys-net.it>

--On Monday, March 15, 2004 2:54 PM +0100 Pierangelo Masarati <ando@sys-net.it> wrote:

2) as a workaround, you could hide your replica behind a back-ldap,
because it can handle this on behalf of your client, if you're using
simple bind: create a proxy server with a back-ldap instance and add the
"rebind-as-user" directive; see slapd-ldap(5) for further details.  Then
your client must access the proxy instead of the real replica.

Hm... I think having back-ldap & back-meta support SASL binds would be useful. I had an application I couldn't support because they don't. The general issue was there was a server on a VLAN that needed LDAP access. We wanted to put a back-ldap server on the bridge, so the application could talk to the back-ldap server, and the back-ldap server could talk to our normal servers. Unfortunately, we couldn't make the back-ldap server connect to our servers via SASL.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Authentication in referrals
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- Authentication in referrals
  - From: Daniel Merino <daniel.merino@unavarra.es>
- Re: Authentication in referrals
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: valid entries for CN in certificate
Next by Date: Re: valid entries for CN in certificate
Index(es):
- Chronological
- Thread