[OpenAFS-devel] AFS Authentication through LDAP
Ted Anderson
ota@transarc.com
Tue, 1 Jan 2002 07:57:57 -0500 (EST)

On Mon, 31 Dec 2001 19:25:27 -0500 (EST) Derrick J Brashear <shadow@dementia.org> wrote:
> It's a little more than a wrapper, in my opinion.
>
> 1) if the fileserver is depending on it, you want it to be fast, but
> that's really your business.
> 2) you need extra stuff for GetCPS and GetHostCPS, which isn't exactly
> analogous to what LDAP provides.

It is true that I have been thinking in very generic terms about what
"LDAP provides". As I understand it, LDAP is a database interface, a bit
like IDL is for remote procedure calls. Often one gets a database along
with the interface in a particular product which may limit the
flexibility of the LDAP interface to support PTServer data. The
original question from Ilya related to iPlanet, but I don't know
anything about what this LDAP product provides.

In August Matthew Economou <meconomou@earthlink.net> sent[1] a proposed
LDAP schema for "PTS attributes". A Google search turns up a good deal
of prior discussion about using LDAP on the various AFS lists (e.g. the
"afs pts schema?" thread[2]). It would be useful to review that before
we rehash too much of the discussion here.

Ted

[1] http://lists-openafs.central.org/pipermail/openafs-info/2001-August/001767.html
[2] http://www.mail-archive.com/info-afs%40transarc.com/msg06100.html