Novell and MIT moving forward on LDAP Plugin

Savitha R rsavitha at novell.com
Tue Jul 18 07:23:41 EDT 2006 

Hi,

Following is the list of issues that Novell will be working on

1. Schema changes. 

2. Support for ldapi:// 
The LDAP server needs to be specified as LDAP URI in krb5.conf
(ldap_server tag) 

3. The code for princtype differentiation based on objectclass will be
removed

4. Single principal on the LDAP object  with  subsequent
 principal objects linked to the LDAP object.

5. Principal to LDAP object mapping based on some rules 
without mandating -x userdn option.

6. Replace the LDAP APIs which are deprecated in OpenLDAP 2.3

We will be posting more information on 1, 4 and 5 separately.

Thanks
Savitha

>>> On Thu, Jun 29, 2006 at 11:45 PM, in message
<tsly7vfeslf.fsf at cz.mit.edu>, Sam
Hartman <hartmans at MIT.EDU> wrote: 

> 
> Hi.
> 
> I wanted to update everyone on a conference call MIT and Novell had
> Tuesday evening.
> 
> 
> We believe that the best course of action going forward is for
> interested parties to write up the list of issues they would like to
> see improved in the LDAP plugin and then to get together and discuss
> who is doing the work.
> 
> We're hoping that people who bring forward issues also plan to
commit
> time to helping solve issues.
> 
> Here's MIT's issue list:
> 
> Blocking issues:
> 
> 1) MIT needs to be able to test the LDAP plugin.  This means we need
> to be abel to set up LDAP realms and run some set of tests against
> them.  We believe that this is an internal MIT issue at this point:
we
> just need to do the work to get a test environment that works better
> than what we have.
> 
> Non-  blocking Issues:
> 
> 1) We would like to see the schema improved.  We would like to
>     separate out attributes from the secret key attribute.  In
general
>     we only see a need to support one principal per ldap object, but
>     have links to other related objects.
> 
> 2) ldapi support
> 
> 3) Support for kdb5_util integration that supports dump load create
>     and destroy.
> 
> I'd appreciate if people could try and send in issue lists within
the
> next few days.
> 
> --  Sam
> 
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev

More information about the krbdev mailing list