Kerberos OpenLDAP Frontend
Russ Allbery
rra at stanford.edu
Fri Oct 5 14:54:55 EDT 2007

Simon Wilkinson <simon at sxw.org.uk> writes:
> One thing I keep thinking about implementing is an LDAP->kadmin
> proxy. You'd still have the KDC database in the current DB format, but
> you'd be able to access it through an overlay on your OpenLDAP server,
> which would translate LDAP actions into kadmin RPCs.

Having done a bit of Active Directory munging over LDAP, I don't think
LDAP makes a very appealing kadmin protocol, although it may be better
with a better data model than Active Directory offers. (Separating flags
out into separate attributes, for example, rather than using a bitmask in
one attribute.)

LDAP is an extremely heavy-weight and complex protocol, although it does
have the advantage of having stable libraries and a reasonable
authentication structure.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
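
The data-model point in the message above (flags packed into one bitmask attribute versus one attribute per flag), as an added example that is not part of the original post. The bit values and the bitwise matching-rule OID are those of Active Directory's userAccountControl attribute; the per-flag attribute names (exampleFlag...) are invented here and belong to no real schema.

```python
# Added illustration: what an LDAP client has to send under each data model.
# Flag values are the documented Active Directory userAccountControl bits.
UAC_FLAGS = {
    "ACCOUNTDISABLE": 0x0002,
    "NORMAL_ACCOUNT": 0x0200,
    "TRUSTED_FOR_DELEGATION": 0x80000,
    "NOT_DELEGATED": 0x100000,
    "USE_DES_KEY_ONLY": 0x200000,
    "DONT_REQ_PREAUTH": 0x400000,
}
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # AD's LDAP_MATCHING_RULE_BIT_AND

def decode_uac(value):
    """Return the sorted names of the flags set in a userAccountControl integer."""
    return sorted(name for name, bit in UAC_FLAGS.items() if value & bit)

def bitmask_set_flag(current, flag, enabled):
    """Bitmask model: read the integer, recompute it, replace the whole value."""
    bit = UAC_FLAGS[flag]
    new = current | bit if enabled else current & ~bit
    return [("replace", "userAccountControl", str(new))]

def bitmask_filter(flag):
    """Searching on one bit needs the extensible-match rule, not plain equality."""
    return f"(userAccountControl:{BIT_AND_RULE}:={UAC_FLAGS[flag]})"

def split_attr(flag):
    """Hypothetical per-flag attribute name (invented for this example)."""
    return "exampleFlag" + "".join(p.capitalize() for p in flag.split("_"))

def split_set_flag(flag, enabled):
    """Per-flag model: the modify touches one attribute and needs no prior read."""
    return [("replace", split_attr(flag), "TRUE" if enabled else "FALSE")]

def split_filter(flag):
    """Per-flag model: an ordinary equality filter is enough."""
    return f"({split_attr(flag)}=TRUE)"

def lost_update(initial, edits):
    """Two clients read the same bitmask and each writes back its own result.
    The last replace wins, so the earlier flag change silently disappears."""
    writes = [int(bitmask_set_flag(initial, f, e)[0][2]) for f, e in edits]
    return writes[-1]

if __name__ == "__main__":
    uac = 0x0200  # constructed sample value: a plain enabled account
    final = lost_update(uac, [("ACCOUNTDISABLE", True), ("NOT_DELEGATED", True)])
    print(decode_uac(final))                      # the disable request is gone
    print(bitmask_filter("DONT_REQ_PREAUTH"))     # audit filter, bitmask model
    print(split_filter("DONT_REQ_PREAUTH"))       # audit filter, per-flag model
```

With per-flag attributes the two concurrent changes in lost_update would be independent modifies and both would survive.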