Menu
▾
▴
[Opensync-commits] r5549 - plugins/ldap-sync
|
From: <svn...@op...> - 2009-04-06 20:20:57
|
Author: scriptor Date: Mon Apr 6 22:20:51 2009 New Revision: 5549 URL: http://www.opensync.org/changeset/5549 Log: Update. Modified: plugins/ldap-sync/ChangeLog Modified: plugins/ldap-sync/ChangeLog ============================================================================== --- plugins/ldap-sync/ChangeLog Mon Apr 6 22:20:43 2009 (r5548) +++ plugins/ldap-sync/ChangeLog Mon Apr 6 22:20:51 2009 (r5549) @@ -31,7 +31,7 @@ session is encrypted... -- SASL/GSSAPI carrying Kerberos V5 works, even though right now there are no special/separate configuration options regarding the - "realm" and the "authzid" (TODO). Prerequisite is, as always with + "realm" (TODO). Prerequisite is, as always with Kerberos V5, that a ticket-granting ticket has been obtained prior to running osynctool (e.g. "kinit -V ldap_user"). -- SASL/EXTERNAL works, as well, provided that the LDAP session @@ -40,6 +40,8 @@ the SSL/TLS certificate of the client and mapping this SSL/TLS DN to an LDAP DN. This LDAP DN is treated as the authentication DN. The mapping can be configured in slapd.conf (authz-regexp). + -- Proxy authorization should work (authenticate as one person, + act as a different person). - Some smaller issues, like hangs, error messages etc. have been resolved. - For the time being the objtype "contact" can be mapped @@ -48,6 +50,10 @@ - The other objtypes are mapped to general object classes, like "ou:" and "document:", while some LDAP attribute names are abused for storing "name" and "value" pairs. +- A test suite has been added. The test suite works only, if run + inside of an environment with a running LDAP server (slapd from + openldap-2.4.x), and if LDAP utilities like ldapsearch, ldapadd, + ldapmodify and ldapdelete, further xsltproc and xmllint are present. 0.22: |
