
LDAP related development at Carnegie Mellon


elke

Presentation Transcript


  1. LDAP related development at Carnegie Mellon
     • OpenLDAP and SQL
     • LDAP everywhere
     • Cyrus SASL development

  2. LDAP and SQL
     • Currently, metadir.andrew.cmu.edu is an OpenLDAP 2.0 with ldbm
     • Slurpd replication is used to ~4 identical replicas
     • No foreign key constraints, LDAP interface is “hard” for certain users
     • Plus, we have an Oracle site license

  3. LDAP and SQL (2)
     • Problems with SQL backend
     • How to do replication if we want to write directly to the database
     • How to make the database schema good for LDAP but also usable for other access

  4. LDAP everywhere
     • Administrative applications need information from data stores
     • How many access protocols should any one programmer need to use?
     • Lots of applications have inherent lists of resources (users, mailboxes, machines, etc.)
     • Privilege delegation/authorization
       • we want help desk people to be able to check quotas, but not modify them

  5. LDAP everywhere
     • PTS backend is an example we've implemented
     • Exports AFS users and groups, read-only
     • Hopefully will ease our group transition
     • Where do we run the LDAP server?
     • How tightly do we integrate the backend to the instrumented application?

  6. Cyrus SASL development
     • Bug fixes, bug fixes, bug fixes
     • DIGEST-MD5 DES fixed (finally!)
     • SASL API standardization
     • Allow interactions in server API to support async programming models
     • Library/application interaction changes?
     • Move sasl_set_alloc() into callbacks?

  7. Cyrus SASL auxprops
     • SunONE (Chris Newman) fixes to code
     • auxprop API not well understood
     • Server-side API for retrieving user attributes
     • Most popular is “userpassword”--cleartext password
     • More general so that expensive lookups can get everything a server might need
     • Currently, the “sasldb” plugin is the only auxprop plugin we ship

  8. An LDAP auxprop plugin?
     • OpenLDAP ships with one possible auxprop implementation
     • Lots of interest in an LDAP auxprop for things like Cyrus IMAP (get passwords, groups, etc.)
     • Generic auxprop plugin that communicates to a separate process
     • Process caches connections, handles uid/dn mapping

  9. Cyrus SASL
     • I'll take any questions
     • ... compliments
     • ... complaints
     • ... abuse
     • ... whatever
