Hi,

I'm working on a network where every service uses LDAP to authenticate users. That's why I am working on an LDAP-based clog utility. I'm trying to do things right, so that it can be used by others. I don't know if this is of any interest to the Coda users.

Using LDAP is pretty easy since we just have to bind to the LDAP server using a given username & password to check if we are authorised. Still, the source code is quite complicated and I could use a hand on some of my questions:

- Are the ACL checker(s) only based on tokens, or do they make references to the user database? What I mean here is: do I have to create a new user in pdbtool for each of the users in the LDAP database? If I do, is it possible to check if a user exists in the server database without using any password?

- I see in U_BindToServer (line 325 of coda/coda-src/auth2/auser.c) a loop on each of the auth servers. While using LDAP there is only one LDAP server; do the tokens have to be registered to each server, or is it that the tokens are stored on the client and sent to the servers at each request if needed?

- I am not sure where the token is generated; I don't really get the whole token system, in fact. If it is generated by the client, wouldn't that be a security issue? So if it is generated by the server, LDAP auth doesn't seem that easy :(

Do you think it is useful to create a whole new way to authenticate users, or should I create a tool to synchronize the Coda user database with the LDAP one?

Thanks a lot
--
Stephane

Received on 2007-03-07 13:21:38
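What the "bind with the given username & password" check described in the post actually puts on the wire, as an added example that is neither Coda's code nor the poster's: it builds an LDAPv3 simple BindRequest by hand (BER, RFC 4511), decodes the BindResponse, and carries the two input checks such a utility needs. The base DN `ou=people,dc=example,dc=org`, the user names, the password and the two server replies are assumptions constructed for the example, not data from the post.

```python
# Added example (not Coda's code, not the poster's): an LDAPv3 simple bind as a
# password check, with the two input checks it needs. Assumed values: the base
# DN below, the user names/passwords, and the constructed BindResponse bytes.

DN_BASE = "ou=people,dc=example,dc=org"  # assumed base DN, not from the post

# RFC 4514 section 2.4: characters that must be escaped inside a DN attribute value.
_DN_SPECIAL = set('\\,+"<>;=')


def dn_escape(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the structure of the DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ord(ch) < 0x20:                      # control characters, including NUL
            out.append("\\%02x" % ord(ch))
        elif ch in _DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def user_dn(username: str) -> str:
    """Bind DN for a login name; the username is escaped before it enters the DN."""
    return "uid=%s,%s" % (dn_escape(username), DN_BASE)


# --- minimal BER: only what a bind request/response needs -------------------
def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _ber_int(v: int) -> bytes:
    # non-negative two's-complement INTEGER, minimal length (leading 0x00 if high bit set)
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] password } }."""
    # RFC 4513 section 5.1.2: a name with an empty password is an *unauthenticated*
    # bind, which many servers answer with resultCode success. A password checker
    # that forwarded an empty password would therefore "authenticate" anyone.
    if not password:
        raise ValueError("empty password would be an unauthenticated bind")
    bind = (_ber_int(3)                                   # version
            + _tlv(0x04, dn.encode("utf-8"))              # name (LDAPDN)
            + _tlv(0x80, password.encode("utf-8")))       # simple [0] OCTET STRING
    return _tlv(0x30, _ber_int(msg_id) + _tlv(0x60, bind))  # 0x60 = [APPLICATION 0]


def _read_tlv(buf: bytes, pos: int):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                     # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x61:                                       # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, rc, pos = _read_tlv(op, 0)
    if tag != 0x0A:                                       # ENUMERATED resultCode
        raise ValueError("malformed LDAPResult")
    _, matched, pos = _read_tlv(op, pos)
    _, diag, pos = _read_tlv(op, pos)
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "result_code": int.from_bytes(rc, "big", signed=True),
        "matched_dn": matched.decode("utf-8"),
        "diagnostic": diag.decode("utf-8"),
    }


def bind_succeeded(response: bytes, expected_msg_id: int) -> bool:
    """Only resultCode 0 (success) on the matching messageID means the password was right."""
    r = parse_bind_response(response)
    return r["message_id"] == expected_msg_id and r["result_code"] == 0


# Constructed server replies (not captured from a real server): success, and
# invalidCredentials (resultCode 49) carrying a diagnostic string.
RESPONSE_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
RESPONSE_INVALID = bytes.fromhex("301f020101611a0a0131040004" "13") + b"invalid credentials"
```

A real utility would send `bind_request(...)` over a TLS-protected connection (LDAPS or StartTLS), since a simple bind carries the password in clear, and would read the reply with `bind_succeeded(...)` rather than treating "no error on the socket" as success. The two checks that matter for the password-checking use case are the ones in `dn_escape` (a login name containing `,` or `=` must not be able to rewrite the bind DN) and the empty-password rejection in `bind_request`.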