Nick Milas wrote:
On 29/5/2012 7:42 ÎÎ, Michael StrÃder wrote:There's a SLAPI plugin for 389 DS which supports MIT Kerberos. A C programmer might be able to adapt this as an OpenLDAP overlay (similar to OpenLDAP's slapo-smbk5pwd).Sorry, couldn't one use the SLAPI plugin as is in OpenLDAP, since SLAPI support is available (SLAPI plugins are supposed to be able to work without modifications on all LDAP servers)?
"supposed to" and "actual" tend to be quite different, since the inventors of SLAPI diverged from each other (Sun/Netscape/RedHat...), and OpenLDAP's implementation is rather sparse, and only fleshed out on an as-needed basis.
(For example, Symas and LTB packages are SLAPI-enabled; I had tested such a SLAPI plugin and it worked fine.)
It would be better to simply extend slapo-smbk5pwd with MIT support. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/