[OpenAFS] Ldap & AFS

Nickolai Zeldovich kolya@MIT.EDU
Fri, 11 Oct 2002 21:38:14 -0400


> Unfortunately I was unable to attend the conference.  However, I do have some
> opinions on this. :^}  Having the pts information stored in an LDAP server
> would provide a significant benefit.  One is the ability to integrate with a
> larger system.  We have spent a significant amount of money building a
> replicated ldap server setup.  It would be great to be able to use that to
> control the AFS pts information.  Also it would be very helpful to have all
> the information in one place.

I'm not familiar with LDAP, but it seems like with the right schema,
writing an LDAP-backed ptserver (translator, in effect) should be
very simple.  You just implement the dozen or so calls that ptserver
provides as simple lookups in the LDAP database, and you should be
done.  If your LDAP back-end provides some way for users to create
their own groups, you might even be able to not implement user groups
in the ptserver, and have users use the LDAP interface instead.

-- kolya
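
The translator idea in the reply above, sketched as an added example that is not part of the original message and is not OpenAFS code. Assumptions: an RFC 2307 style schema (posixAccount/posixGroup), the AFS user id held in uidNumber, a hypothetical afsGroupId attribute for group ids, and an in-memory list standing in for the LDAP server; the function names are illustrative.

```python
# Added illustration, not OpenAFS code. Assumed schema: RFC 2307 posixAccount /
# posixGroup, AFS user id in uidNumber, AFS group id in a hypothetical afsGroupId.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

DIRECTORY = [  # constructed sample entries standing in for the LDAP server
    {"objectClass": "posixAccount", "uid": "kolya", "uidNumber": "1001"},
    {"objectClass": "posixAccount", "uid": "alice", "uidNumber": "1002"},
    {"objectClass": "posixGroup", "cn": "kolya:friends", "afsGroupId": "-204",
     "memberUid": ["kolya", "alice"]},
]

def escape(value):
    """RFC 4515 escaping, so a client-supplied name cannot alter the filter."""
    return "".join(_ESC.get(ch, ch) for ch in str(value))

def build_filter(object_class, attr, value):
    """Filter string a real translator would send to the directory."""
    return f"(&(objectClass={object_class})({attr}={escape(value)}))"

def search(object_class, attr, value):
    """Equality match over DIRECTORY; mirrors what build_filter() asks for."""
    def has(entry):
        held = entry.get(attr, [])
        return str(value) in (held if isinstance(held, list) else [held])
    return [e for e in DIRECTORY if e["objectClass"] == object_class and has(e)]

def name_to_id(name):
    """Name to AFS id; users first, then groups. None if unknown."""
    for cls, key, id_attr in (("posixAccount", "uid", "uidNumber"),
                              ("posixGroup", "cn", "afsGroupId")):
        hits = search(cls, key, name)
        if len(hits) == 1:
            return int(hits[0][id_attr])
    return None

def id_to_name(afs_id):
    """AFS id to name; negative ids are groups, as in the protection database."""
    cls, key, id_attr = (("posixGroup", "cn", "afsGroupId") if afs_id < 0
                         else ("posixAccount", "uid", "uidNumber"))
    hits = search(cls, id_attr, afs_id)
    return hits[0][key] if len(hits) == 1 else None

def groups_of(name):
    """Group ids whose memberUid lists this user (a membership lookup)."""
    return sorted(int(e["afsGroupId"]) for e in search("posixGroup", "memberUid", name))
```

Because names reach the translator from network clients, the filter is built only through `escape()`, so a name such as `*` is looked up literally instead of acting as a wildcard.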