[KLUG Members] LDAP via URL

Michael Lueck mlueck at lueckdatasystems.com
Tue Jun 28 14:32:13 EDT 2005


On Tue, 28 Jun 2005 14:05:25 -0400, Adam Tauno Williams wrote:

>I'm not aware that you can modify the directory

OK, so thinking in terms of SQL, I get select but not insert/update/delete
capabilities.

>or perform SASL
>authentication 

Oh yeah, authentication! ;-) Yup, that would be part of the URL chatter, wouldn't
it? So URL-based queries would be limited to somehow encrypting the ID/pw as it
passes it through the URL? (I remember you covered this quite well in terms of
email clients and various password methods... roughly the same concepts apply
here?)

Let's assume this application is fine with a single utility ID/pw built into
it, non-changing and quite hard-coded. So for minimal security it would be nice
to perform some sort of mangling of the password so it does not scream STEAL ME
if someone drops a sniffer on the internal LAN.

I think I am going to make it to KLUG tonight, check out that DFS stuff a bit.
Could you happen to bring along your handy LDAP GUI admin tool for a quick tour
on the side? Read only access to LDAP from my development environment means I
am NOT developing the admin interface to this.

Is there the ability to:

1) Run two LDAP servers on the same box, one the replica of bits of the other,
and the replica one is the one which opens a URL socket or

2) Restrict access of a single LDAP server to specify what part of the entire
database is URL accessible? (Or is this simply ID-level security and the URL
component does not matter?)

Thanks!

Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/
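
An LDAP URL (RFC 4516) only describes a search: host, base DN, attributes, scope, filter and extensions, which is why the URL form gives the "select" side and no modify operation. The sketch below is an added example, not part of the original post; the `review` helper, its findings and the example.com names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

def parse_ldap_url(url):
    """Split ldap://host:port/dn?attributes?scope?filter?extensions (RFC 4516)."""
    parts = urlsplit(url)
    # "ldaps" is a widely used convention for LDAP over TLS, not part of RFC 4516.
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # The four optional fields after the DN are separated by literal '?'.
    attrs, scope, flt, exts = (parts.query.split("?") + [""] * 4)[:4]
    scope = scope.lower() or "base"                      # RFC 4516 default
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    return {
        "tls": parts.scheme == "ldaps",
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path[1:]),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",     # RFC 4516 default
        "extensions": [unquote(e) for e in exts.split(",") if e],
    }

def review(url, allowed_base):
    """Findings for a URL a read-only application is about to use (hypothetical policy)."""
    q = parse_ldap_url(url)
    # Simplified DN comparison: case-insensitive suffix match, no DN normalisation.
    base, allowed = q["base_dn"].lower(), allowed_base.lower()
    findings = []
    if not q["tls"]:
        findings.append("ldap:// scheme: nothing in the URL asks for TLS")
    if urlsplit(url).username is not None:
        findings.append("credentials embedded in the URL authority")
    if not (base == allowed or base.endswith("," + allowed)):
        findings.append("base DN outside " + allowed_base)
    if not q["attributes"]:
        findings.append("no attribute list: all user attributes are requested")
    if any(e.startswith("!") for e in q["extensions"]):
        findings.append("critical extension present")
    return findings

# Constructed sample URL, not taken from the thread.
SAMPLE = "ldap://ldap.example.com/ou=People,dc=example,dc=com?cn,mail?sub?(uid=jdoe)"
if __name__ == "__main__":
    print(parse_ldap_url(SAMPLE), review(SAMPLE, "dc=example,dc=com"))
```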


