On Sun, 3 Apr 2005, mzozd wrote:

> Dear Raven,
>
> please DISREGARD MY PREVIOUS PATCH. I have created two separate patches
> to address this issue more seriously.
>
> I am attaching the patches in this e-mail and I am going to give you a
> short explanation of what is changed and why:
>
> The problem is that if an ldap server is NOT allowing anonymous binds,
> there is no way for autofs to acquire the information from the autofs
> schema in ldap. Thus, it is also impossible to query for the schema if
> the ldap server ENFORCES a TLS only authentication.
>
> The attached two patches address that issue by doing the following:
>
> a) Open /etc/ldap.conf to read any rootbinddn option.
> b) Open /etc/ldap.secret to read any password if the rootbinddn option
> is in the conf.
> c) Try to initiate TLS with the server (assuming the path to the
> certificate(s) is defined in /etc/openldap/ldap.conf).

We shouldn't need to care about the certificate. This should be taken care of with an API call either succeeding or failing.

> d) Bind with rootdn and password defined in the configuration files.

All this stuff is openldap specific. Can we do this via an LDAP API?
How much of this can be done using a generalised dn?

This may already be the case as I haven't had a look yet but can we separate out the LDAP implementation specific stuff to a separate module?

>
> I have successfully tested this patch with the latest autofs and
> openldap autofs schema and it works. It may need some minor
> adjustments. I have tried, and as far as I tested succeeded, to maintain
> the previous behaviour of the program but other people should verify
> that via testing.

I have another patch that generalises the dn format and cleans up the LDAP module. It looks quite good but is very much out of date.

The LDAP module is quite ugly and certainly needs work.

It's going to be quite a big job to merge these patches. Hopefully we can work together on this.

Ian