On 5/11/07, Joe Flowers flowers@social.chass.ncsu.edu wrote:
Gavin Henry wrote:
The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
So, as well as a normal bind, from say ldapsearch, you need to do other things if the bind was correct?
So how would you stop any user/pass binding and an account getting created?
I can/will do the the authoritative authentication pieces via Kerberos or native calls into NDS or AD or other LDAP calls or etc.
You might want to check out this thread: http://www.openldap.org/lists/openldap-software/200702/msg00126.html
It sounds like you're doing something similar to manu@netbsd.org
_Matt