Re: (ITS#6567) Enable GSSAPI support and expose ldap_gssadpi_bind_s
- First Post
- Replies
- Stats
-
Go to
- ----- 2023 -----
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
Lastly, I note that it might be good for proponent of this feature to at =
least offer extensions to ldapwhoami(1) and other command line tools. =
Aside from the educational value that would provide to developers in how =
this feature would be used along side other libldap features (such as =
ldap_sasl_interactive_bind_s), it would provide a means to test the =
code. Of course, without support in OpenLDAP's slapd(8), testing would =
be cumbersome for many.
-- Kurt
On Jun 1, 2010, at 6:08 PM, hyc(a)symas.com wrote:
ssalley(a)likewise.com wrote:
> Full_Name: Scott Salley
> Version: HEAD
> OS: Linux
> URL: =
http://archives.likewiseopen.org/~ssalley/OpenLDAP/scott-salley-100601-def=
ine-have-gssapi.patch
> Submission from: (NULL) (67.51.54.234)
>=20
>=20
> Note that a similar issue/contribution was submitted in 2008 =
(Contrib/5369)
and
> appears to have been 'lost'.
=20
> The patch =
http://archives.likewiseopen.org/~ssalley/OpenLDAP/scott-salley-100601-def=
ine-have-gssapi.patch
> makes it possible to use the GSSAPI support in OpenLDAP by:
>=20
> 1. Defining --with-gssapi in configure which
> a. Checks for appropriate header files
> b. Checks for the appropriate library
> c. Defines HAVE_GSSAPI to 1 in everything is in order
>=20
> 2. Exposing ldap_gssapi_bind_s in ldap.h
=20
I am still disinclined to publish any of this. The standard mechanism =
for=20
using GSSAPI in LDAP is via SASL. I see no benefit to propagating
more=20=
non-standard one-off ldap_XXX_bind flavors. It's a poor design =
approach and it=20
increases our support workload for no appreciable gain. It
increases=20=
application developer's workload as well, if they have to test
for the=20=
existence of multiple flavors of ldap_XXX_bind and code for them
each=20=
separately in their apps.
=20
If you really want to have "direct" access to other authentication =
mechanisms,=20
the right way to do this is by adding new LDAP_AUTH_xxx definitions =
that can=20
be muxed out from a single ldap_bind API. Of course, by the time =
you've=20
implemented option parsing so that generic client code can be =
configured with=20
arbitrary Bind mechanisms, you would have re-implemented SASL.
=20
--=20
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
=20
=20
4862
days inactive
4862
days old
0 comments
1 participants
tags (0)
participants (1)
-
Kurt@OpenLDAP.org