Gavin Henry wrote:
>> The problem is that in many cases, to replace existing systems, I need
>> to be able to intercept username and password credentials from an LDAP
>> client, create the local or network account dynamically, perhaps perform
>> some other setup functions, and then return a value LDAP return to the
>> LDAP client that the authentication was successful.
>>
>
> So, as well as a normal bind, from say ldapsearch, you need to do other
> things if the bind was correct?
>
> So how would you stop any user/pass binding and an account getting created?
>
I can/will do the the authoritative authentication pieces via Kerberos
or native calls into NDS or AD or other LDAP calls or etc.
>