[OpenAFS-devel] [Fwd: [gnu.org #232848] openldap + ibm pl?]

Troy Benjegerdes hozer@hozed.org
Thu, 28 Apr 2005 21:46:11 -0500


On Wed, Apr 27, 2005 at 07:10:22PM -0400, Jeffrey Altman wrote:
> Brett Trotter wrote:
> 
> > As opposed to reading /etc/ldap.conf, does anyone on the list here have a
> > good idea of what would be the preferred and most openafs-like way of
> > getting the configuration options (bind dn, base dn, bind pw, ssl, sasl,
> > etc) into ptsldap?
> 
> Um.  This is OpenAFS.  We are a Kerberos authenticated service.
> Why are we using a password to authenticate to LDAP?

Well, this is for authenticating the pts-ldap proxy against an ldap
server.

My preference would be /etc/openldap/pts-ldap.conf, and using a
Kerberos5 principal (ptsldap/$hostname@$realmname) with SASL/GSSAPI
bind.