LDAP related development at Carnegie Mellon Open LDAP

LDAP related development at Carnegie Mellon
● OpenLDAP and SQL
● LDAP everywhere
● Cyrus SASL development

LDAP and SQL
● Currently, metadir.andrew.cmu.edu is an OpenLDAP 2.0 with ldbm
● Slurpd replication is used to ~4 identical replicas
● No foreign key constraints, LDAP interface is “hard” for certain users
● Plus, we have an Oracle site license

LDAP and SQL (2)
● Problems with SQL backend
  – How to do replication if we want to write directly to the database
  – How to make the database schema good for LDAP but also usable for other access

LDAP everywhere
● Administrative applications need information from data stores
● How many access protocols should any one programmer need to use?
● Lots of applications have inherent lists of resources (users, mailboxes, machines, etc.)
● Privilege delegation/authorization – we want help desk people to be able to check quotas, but not modify them

LDAP everywhere
● PTS backend is an example we've implemented
  – Exports AFS users and groups, read-only
  – Hopefully will ease our group transition
● Where do we run the LDAP server?
● How tightly do we integrate the backend to the instrumented application?

Cyrus SASL development
● Bug fixes, bug fixes
  – DIGEST-MD5 DES fixed (finally!)
● SASL API standardization
  – Allow interactions in server API to support async programming models
  – Library/application interaction changes?
  – Move sasl_set_alloc() into callbacks?

Cyrus SASL auxprops
● SunONE (Chris Newman) fixes to code
● auxprop API not well understood
  – Server-side API for retrieving user attributes
  – Most popular is “userpassword”--cleartext password
  – More general so that expensive lookups can get everything a server might need
● Currently, the “sasldb” plugin is the only auxprop plugin we ship

An LDAP auxprop plugin?
● OpenLDAP ships with one possible auxprop implementation
● Lots of interest in an LDAP auxprop for things like Cyrus IMAP (get passwords, groups, etc.)
● Generic auxprop plugin that communicates to a separate process
● Process caches connections, handles uid/dn mapping

Cyrus SASL
● I'll take any questions
● ... compliments
● ... complaints
● ... abuse
● ... whatever