This is the first of two changes needed in order to
implement NIS push synchronization. The 'userPassword'
field isn't normally visible, so I had to modify
ldapcat to support SASL binds. LOGIN and PLAIN
authentication would be nice, but I'm not sure how best
to store/retrieve the credentials. This patch only
accomodates AUTH/EXTERNAL, which doesn't require
additional credentials. With OpenLDAP, this normally
means either SSL client certificates or ldapi:// with
peercred (client uid w/ domain sockets). Kerberos with
GSS would also be sensible, but I have no experience
Log in to post a comment.