[TriLUG] LDAP Question

Tanner Lovelace lovelace at wayfarer.org
Tue Aug 20 16:10:03 EDT 2002


On Tue, 2002-08-20 at 14:53, Michael Alan Dorman wrote:

> Replication---each box has its own copies of data, for redundancy and
> speed.  Communication between the servers is done over SSL.

Ah, that makes sense.  And, actually, that's something I want
to set up on the TriLUG machines so we don't have a single
point of failure.
 
> Actually, the last sentence I was referring to was one about, "don't
> feel like grovelling through the sources right now." :-)

Doh!  I *did* miss that sentence.  Sorry about that. :-)

> For a while there I was the Debian/Alpha porter, and have grovelled
> through many, many SRPMs, as that was the only place a lot of the
> necessary patches existed.  rpm2cpio and I got to be very good
> friends.

Ah, cool.  

> You're not running into SASL-reentrancy problems are you?  Sig11s and
> that sort of thing?

No, I think this is straight authentication to the LDAP server.
And, since we're using straight Kerberos for authentication,
we shouldn't have any other types of SASL reentrancy problems.
If we'd gone with the Cyrus IMAP, however, that would have been
another matter...  The WU-IMAP (in black box mode) that I'm
setting up, however, just uses pam_krb5 for authentication.

I think it may have to do with either the wrong user being
specified, or I've messed up the ACLs (probably the latter).
I can authenticate using GSSAPI to the LDAP server for
searching, but not modifying.

Tanner
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
          Si hoc legere scis, nimium eruditionis habes.



