
Re: Authentication in referrals



>> 2) as a workaround, you could hide your replica behind a back-ldap,
>> because it can handle this on behalf of your client, if you're using
>> simple bind: create a proxy server with a back-ldap instance and add
>> the "rebind-as-user" directive; see slapd-ldap(5) for further details.
>>  Then your client must access the proxy instead of the real replica.
>
> Hm... I think having back-ldap & back-meta support SASL binds would be
> useful.  I had an application I couldn't support because they don't.
> The  general issue was there was a server on a VLAN that needed LDAP
> access.  We  wanted to put a back-ldap server on the bridge, so the
> application could  talk to the back-ldap server, and the back-ldap
> server could talk to our  normal servers.  Unfortunately, we couldn't
> make the back-ldap server  connect to our servers via SASL.

Open an ITS ;)  Joking aside, I recall some traffic about this;
I think it was Howard.  You may want to check the archives.
I don't remember if it wasn't done for technical reasons or what,
but in case we could think about it.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
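
The proxy workaround quoted at the top of this message, sketched as a slapd.conf fragment. This is an added example, not configuration posted by anyone in the thread; the suffix and the replica host name are placeholders, and it assumes the replica accepts ldaps so that the replayed simple-bind password is not sent in clear.

```conf
# Proxy slapd: clients connect here instead of to the real replica.
# If back-ldap is built as a module, load it first:
# moduleload  back_ldap

database        ldap
suffix          "dc=example,dc=com"               # placeholder naming context
uri             "ldaps://replica.example.com/"    # placeholder: the real replica

# Follow referrals returned by the replica on behalf of the client.
chase-referrals yes

# Remember the client's simple-bind credentials and reuse them when
# rebinding, e.g. while chasing a referral. See slapd-ldap(5).
# This covers simple bind only, as noted in the thread.
rebind-as-user  yes
```

Because the proxy holds client passwords in memory for rebinds, it should be treated as being as sensitive as the directory servers behind it.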