concerns with ldap plugin and 1.5
Nicolas Williams
Nicolas.Williams at sun.com
Thu Jun 1 15:04:03 EDT 2006
On Fri, Jun 02, 2006 at 04:54:11AM +1000, Luke Howard wrote:
>
> >It's really not clear that a new command was needed.
> >
> >I see this as evidence that the new SPI is not sufficiently generic.
>
> I haven't looked at the SPI so I should probably reserve judgement,
> but I agree that genericity is a useful thing.

Evidence != conviction :)

Sure, judgement should follow a careful review.

> The Heimdal SPI allowed a backend to attach arbitrary extensions to
> a principal (each extension could be marked mandatory, if the KDC
> did not understand a mandatory extension it would reject the entire
> entry).

Sounds good to me. Does the MIT SPI have something like this?

> Also a generic "invoke this operation identified by OID with an
> opaque parameter" (or buffer) might be useful too for things
> like backend-specific provisioning tools.

My point exactly.

There's also the migration issue. I'm not sure what the right way to
design that feature would be, but leaving dump/load code in kdb5_util
seems wrong -- at least some of the dump/load functionality deserves to
live in the plug-in.

Nico