Hi,
I'm working on a network where every service uses LDAP to authenticate
users.
That's why I am working on an LDAP-based clog utility.
I'm trying to do things right, so that it can be used by others. I
don't know if this is of any interest to the Coda users.
Using LDAP is pretty easy, since we just have to bind to the LDAP server
using a given username & password to check if we are authorised.
Still, the source code is quite complicated and I could use a hand with
some of my questions:
- are the ACL checker(s) based only on tokens, or do they make
references to the user database?
What I mean here is: do I have to create a new user in pdbtool for each
of the users in the LDAP database?
If I do, is it possible to check if a user exists in the server database
without using any password?
- I see in U_BindToServer (line 325 of coda/coda-src/auth2/auser.c)
a loop over each of the auth servers. When using LDAP there is only one
LDAP server; do the tokens have to be registered with each server, or
are the tokens stored on the client and sent to the servers with each
request if needed?
- I am not sure where the token is generated; I don't really get the
whole token system, in fact. If it is generated by the client, wouldn't
that be a security issue? And if it is generated by the server, LDAP auth
doesn't seem that easy :(
Do you think it is useful to create a whole new way to authenticate
users, or should I create a tool to synchronize the Coda user database with
the LDAP one?
Thanks a lot
--
Stephane