Re: Some developer documentation on the delegation of authentication feature


by Bryce L Nordgren

On 9/24/07, Alex Karasulu <akarasulu@...> wrote:

>
> Hi all,
>
> Here's a document I've been preparing for enabling the delegation of
> authentication feature.  It's
> minimal for now until we flush out some of the ideas but any feedback is
> going to be greatly
> appreciated.
>
> Overall I am finding that this feature will really be half a solution
> without enabling some kind
> of virtualization within the server.  And when we do enable virtualization
> it will completely impact
> the implementation of the feature.  So going back to Ersin's point about
> enabling virtual attributes
> within the server I am seeing repeated that it's a big must.
>
> Alex


I was wondering if anything further had been done with the delegation of
authority feature described on the wiki page (
http://directory.apache.org/apacheds/1.5/delegation-of-authentication.html
)?

This page describes exactly what I need to do, but in looking around, I
was not able to find a feature description, a new feature ticket in Jira,
or even discussion on the mailing lists.  I actually have a sort of
limited special case application.  The objects in the Apache directory
would be manipulated by authorized users either within the Apache
directory or within the corporate Active Directory.  Essentially, the only
objects in the Apache directory (controlled by me) would be the
"additional" objects not present in the corporate directory (controlled by
the powers that be).  I would have user objects for our collaborators, as
well as groups denoting committees, projects, etc.

The feature is also described on the 389 directory server page (here:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Using_the_Pass_through_Authentication_Plug_in.html
).

My question is: Does "Pass Thru Authentication" as described on the 389
server page still open a Pandora's box of internal issues as alluded to on
the ApacheDS wiki page?  Or does the PTA plugin map reasonably well to a
"custom authenticator" implementation with relatively minimal impact on
the rest of the server?

Thx,
Bryce