Andrew:

> One suggestion following a very quick scan of the code: I think it
> would be worth bringing the warning about turning off TLS checks
> into the manual page.

Agreed. Done.

> In particular, there is no reason for this
> to be AD-specific and it should be easy to adapt it to authenticate
> against any [collection of] remote LDAP servers.

Actually, it may not be AD specific as is. If you define default_domain to be some rubbish, and default_realm to be the remote AD server, then everything else (including the remote bind DN) can be fetched from the DIT. But I haven't tried this.

But what wouldn't get passed back is any information flowing from password controls - and that's an annoyance, which is why I didn't generalise the code (and because HP had no business need for that approach anyway).

Cheers, Neil

--
SSL, HP Labs/Office of Strategy and Technology
Hewlett-Packard Limited
Registered Office: Cain Road, Bracknell, Berks RG12 1HN
Registered No: 690597 England
