On Jun 17, 2008, at 07:57, Klaus Heinrich Kiwi wrote: > On Mon, 2008-06-16 at 23:38 -0400, Ken Raeburn wrote: >> I suspect there are several LDAP schemas we could do a better job of >> supporting and integrating with... > > And what, in your opinion, would be the better approach to accomplish > this task?
I don't think I'm familiar enough with LDAP in general and the various schemas in particular to be well-qualified to answer that right now. If the differences are minor, a single integrated back end with some run-time configuration, as you suggest, would probably be best, but if the differences in some of the schemas are too fundamental, it may not be practical to support all the commonly-used ones out there with a single database back end. Though at least some of the basic routines for handling LDAP server config info and managing communication channels can probably be kept common. > What I am doing right now is using the existing KDB LDAP plugin as a > base for a new plugin (I wonder if I should worry about namespace > collisions later), but of course ideally we should stick with a single > code base and have the differences handled by runtime configuration. > I'm > just not sure if that is feasible or not. It sounds good to me, but I can't judge the feasibility at the moment either. Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
