[OpenAFS] users ldap?

Derrick J Brashear shadow@andrew.cmu.edu
Wed, 13 Nov 2002 15:18:27 -0500 (EST)


On Wed, 13 Nov 2002, Lawrence Greenfield wrote:

> AFS derives authorization (group) information from its pt server. It
> is currently not possible to replace pts with LDAP; the closest you
> could come to would be a batch synchronization job between LDAP and
> pts.
>
> I think there would be a good amount of interest in a pt server
> that did external lookups to LDAP. (AFS clients would continue to make
> pt calls, which would then be translated to LDAP.)

We already know there is, but:
1) I'm not going to write it
2) I'm going to resist using it, if it happens :-P

> I think there would also be interest in replacing pts with LDAP so
> that AFS clients and servers used LDAPv3 to communicate about
> authorization information, but this would be a more radical departure
> from current AFS practice.

LDAP is not a direct replacement for PTS. You can glue something on, but
the equivalent of GetCPS is not something directly representable in LDAP
now.
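
The batch synchronization job mentioned in the quoted text could be planned as below. This is an added example, not part of the original message and not OpenAFS code. The group names, the dict inputs standing in for an LDAP search and `pts membership` output, the "system:" exclusion and the removal cap are all assumptions; only the pts subcommands creategroup, adduser and removeuser are real.

```python
"""Plan a one-way LDAP -> pts group membership sync (constructed data, no I/O)."""

PROTECTED_PREFIX = "system:"  # assumption: directory data never alters AFS system groups
MAX_REMOVALS = 5              # assumption: an empty or broken LDAP answer must not wipe groups

# Constructed sample state: group name -> set of member user names.
LDAP_SAMPLE = {
    "ops:backup": {"alice", "bob"},
    "ops:web": {"carol"},
    "system:administrators": {"mallory"},
}
PTS_SAMPLE = {"ops:backup": {"alice", "dave"}}


def plan_pts_sync(ldap_groups, pts_groups):
    """Return argv lists for the pts commands that make pts match LDAP.

    Commands are argv lists rather than shell strings so that a name taken
    from the directory can never be interpreted by a shell. Groups that exist
    only in pts are left untouched.
    """
    commands, removals = [], 0
    for group in sorted(ldap_groups):
        if group.startswith(PROTECTED_PREFIX):
            continue  # e.g. system:administrators stays under manual control
        wanted = ldap_groups[group]
        current = pts_groups.get(group, set())
        if group not in pts_groups:
            commands.append(["pts", "creategroup", "-name", group])
        for user in sorted(wanted - current):
            commands.append(["pts", "adduser", "-user", user, "-group", group])
        for user in sorted(current - wanted):
            commands.append(["pts", "removeuser", "-user", user, "-group", group])
            removals += 1
    if removals > MAX_REMOVALS:
        raise RuntimeError(f"{removals} removals planned; refusing without review")
    return commands


if __name__ == "__main__":
    for argv in plan_pts_sync(LDAP_SAMPLE, PTS_SAMPLE):
        print(" ".join(argv))
```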