[Fedora-directory-devel] Please review: Bug 469261 - Support server-to-server SASL - part 4 - pta, winsync

Rich Megginson rmeggins at redhat.com
Mon Nov 10 20:35:27 UTC 2008


https://bugzilla.redhat.com/show_bug.cgi?id=469261
Resolves: bug 469261
Bug Description: Support server-to-server SASL - part 4 - pta, winsync
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Allow pass through auth (PTA) to use starttls.  PTA 
uses the old style argv config params, so I just added an optional 
starttls (0, 1) to the end of the list, since there is currently no way 
to encode the startTLS extop in the LDAP URL.  NOTE: adding support for 
true pass through auth for SASL or external cert auth will require a lot 
of work - not sure it's worth it - anyone other than console users can 
use chaining backend instead.
For Windows sync, I just ported the same slapi_ldap_init/slapi_ldap_bind 
changes made to regular replication to the Windows-specific code.  The 
Windows code still needs the do_simple_bind function to check the 
Windows password, but it is not used for server to server bind anymore.  
NOTE: Windows does support startTLS, but I did not test the SASL 
mechanisms with Windows.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: yes
https://bugzilla.redhat.com/attachment.cgi?id=323115&action=diff



