Novell and MIT moving forward on LDAP Plugin

Savitha R rsavitha at
Tue Jul 25 07:07:28 EDT 2006

>>> On Tue, Jul 25, 2006 at  2:40 AM, in message
<20060724211051.GA28516 at>,
Will Fiveash <William.Fiveash at> wrote: 
> On Tue, Jul 18, 2006 at 05:23:41AM -0600, Savitha R wrote:
>> Hi,
>> Following is the list of issues that Novell will be working on
>> 1. Schema changes. 
>> 2. Support for ldapi:// 
>> The LDAP server needs to be specified as LDAP URI in krb5.conf
>> (ldap_server tag) 
> Does this work include support for more flexible LDAP bind
> via the URI and a way to specify the SASL security mech. to use?
What we are looking at initially is to specify the LDAP server via 
an LDAP URI. E.g.
 or in case of LDAP over IPC:
 "ldapi:///<path to the unix domain socket>/"
We will be considering the support for SASL mechanisms later.

>> 3. The code for princtype differentiation based on objectclass will
>> be removed
>> 4. Single principal on the LDAP object with subsequent
>> principal objects linked to the LDAP object.
>> 5. Principal to LDAP object mapping based on some rules
>> without mandating -x userdn option.
>> 6. Replace the LDAP APIs which are deprecated in OpenLDAP 2.3
>> We will be posting more information on 1, 4 and 5 separately.
> Any idea when you plan on posting this information? 
Information on 4 and 5 will be posted today or tomorrow. 
The schema changes will be posted by the end of this week.

> I was speaking with
> Sam recently on how we can move forward and Sun would like to
> fixes/enhancements to the Novell LDAP plugin code but we do not want
> duplicate effort or work at cross purposes.
> BTW, did you see the list of Sun LDAP plugin requirements?  Any
> on that (if you do have some it would be better to respond on that
> e-mail thread)?
We have seen the list of requirements. We will respond with our


More information about the krbdev mailing list