[KLUG Members] FYI: [users-groupware] New version of Mozilla Calendar]

members@kalamazoolinux.org members@kalamazoolinux.org
Thu, 29 Aug 2002 10:49:13 -0400


>>Run slapd (the LDAP server) with the passwd backend!  Then your /etc/passwd
>>file IS the contents of your DSA.  No migration required.  Each line in
>>/etc/passwd is morphed into a posixAccount object, all real-time.
>I haven't got it to work yet, but in the course of my research, 
>I turned up the following disturbing message:
>http://www.openldap.org/lists/openldap-software/200001/msg00189.html
>It sounds like that will not work for me anyway.  The message says:
>"Note, however, the passwd backend is search only...
>it doesn't support authentication."
>The message is a couple years old.  Do you know if that's still true?
>Have you ever run an LDAP passwd backend?

Yes, I set one up so I could look at the master's passwd file remotely.  Used
for debugging.  PAM & NSS look in local files and then LDAP, so files can
"override" LDAP. Thus it is nice to know what is in the local passwd file when
something odd happens.  But I haven't used one for authentication.  I suppose it
would depend on how "authentication" is handled.  One cannot bind to the passwd
backend except anonymously (like NIS), but one could certainly grab the crypt
and perform a compare operation in the application, which I *assume*
phpgroupware is doing as I don't know how they would be calling getpwent and
such.  But I've never looked at their code.  But if you can use mail for
authentication (like turba and kronolith use imp for authentication) I'd do that
anyway since it takes you back to PAM.  And PAM rocks!
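
The debugging case described in the message above (local files consulted before LDAP, so a local entry can mask a different directory entry), as an added example that is not part of the original post. The passwd text, the LDAP entries (a dict standing in for a directory search result) and the function names are all constructed or hypothetical; attribute names follow the RFC 2307 posixAccount schema.

```python
# Added example: all data below is constructed; function names are hypothetical.
FIELDS = ("uid", "userPassword", "uidNumber", "gidNumber",
          "gecos", "homeDirectory", "loginShell")  # passwd(5) order, RFC 2307 names
NO_HASH = {"", "x", "*", "!", "!!"}  # placeholders: hash kept elsewhere or account locked

LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:100:Alice Example:/home/alice:/bin/bash
bob:abPLACEHOLDER:1002:100:Bob Example:/home/bob:/bin/sh
"""
# Stand-in for the result of an LDAP search for posixAccount entries.
LDAP_ENTRIES = {
    "alice": {"uidNumber": "1001", "gidNumber": "100",
              "homeDirectory": "/home/alice", "loginShell": "/bin/tcsh"},
    "bob":   {"uidNumber": "2002", "gidNumber": "100",
              "homeDirectory": "/home/bob", "loginShell": "/bin/sh"},
    "carol": {"uidNumber": "1003", "gidNumber": "100",
              "homeDirectory": "/home/carol", "loginShell": "/bin/bash"},
}

def parse_passwd(text):
    """Return {uid: attributes} for each well-formed passwd line."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != len(FIELDS) or line.startswith("#"):
            continue  # skip blanks, comments and malformed lines
        entry = dict(zip(FIELDS, parts))
        entries.setdefault(entry["uid"], entry)  # first match wins, as in a files lookup
    return entries

def has_local_hash(entry):
    """True only if the passwd field holds something an application could compare."""
    return entry["userPassword"] not in NO_HASH

def find_overrides(local, ldap):
    """Return {uid: {attr: (local, ldap)}} where a local entry masks a differing LDAP one."""
    checked = ("uidNumber", "gidNumber", "homeDirectory", "loginShell")
    report = {}
    for uid, loc in local.items():
        if uid in ldap:
            diffs = {a: (loc[a], ldap[uid].get(a))
                     for a in checked if loc[a] != ldap[uid].get(a)}
            if diffs:
                report[uid] = diffs
    return report

if __name__ == "__main__":
    local = parse_passwd(LOCAL_PASSWD)
    for uid, diffs in find_overrides(local, LDAP_ENTRIES).items():
        print(uid, diffs, "hash in passwd:", has_local_hash(local[uid]))
```

On a host using shadow passwords the second field is only a placeholder such as `x`, so `has_local_hash` returns False and there is no crypt value in the passwd data for an application to compare against.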