[KLUG Members] LDAP via URL

[Adam Tauno Williams]

> Are there any limitations as to how much interaction is possible against a LDAP
> server if a URL method is used to access the server? This would be considering
> the world down at programming level. Basically fishing for the "yea URL is fine
> but don't expect to do XYZ with it" type of info.

I'm not aware that you can modify the directory or perform SASL
authentication (at least I've never met a browser that supports it).
Anonymous queries should work, and any search filter may be expressed as
a URL,  simple authentication may work depending on the client but I
doubt even PLAIN (a SASL mech) will work.   Kerberos should work but
didn't when I tried it  - I think this is a deficiency in most clients.
With only simple authentication and anonymous connections you aren't
going to be able to chase referrals from the client side so Dit that
contain more than one partition will not be searchable across partitions
(you can't probably work around this on the server side using back-ldap
or back-glue).