[OpenAFS-devel] [Fwd: [gnu.org #232848] openldap + ibm pl?]
Troy Benjegerdes
hozer@hozed.org
Thu, 28 Apr 2005 21:46:11 -0500
On Wed, Apr 27, 2005 at 07:10:22PM -0400, Jeffrey Altman wrote:
> Brett Trotter wrote:
>
> > As opposed to reading /etc/ldap.conf, does anyone on the list here have a
> > good idea of what would be the preferred and most openafs-like way of
> > getting the configuration options (bind dn, base dn, bind pw, ssl, sasl,
> > etc) into ptsldap?
>
> Um. This is OpenAFS. We are a Kerberos authenticated service.
> Why are we using a password to authenticate to LDAP?
Well, this is for authenticating the pts-ldap proxy against an ldap
server.
My preference would be /etc/openldap/pts-ldap.conf, and using a
Kerberos5 principal (ptsldap/$hostname@$realmname) with SASL/GSSAPI
bind.