directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrique Rodriguez <>
Subject Re: LDAP Triggers use cases: Need for real world data
Date Sat, 15 Jul 2006 18:57:07 GMT
Ersin Er wrote:
> Enrique Rodriguez wrote:
>> Ersin Er wrote:
> So the Change Password Protocol provider is currently able to do this
> generation/conversion but the Core and LDAP Protocol Provider are not
> aware of this, right?

Correct.  Change Password protocol provider can also enforce password 
policy (minimum length, character mix, etc.) which at some point should 
be enforced globally.

> OK, so we'll have Triggers for modification type operations for the
> ou=Users based subtree. Is it reasonable to do this with an AFTER
> Trigger so that the Kerberos related attributes will be updated just
> after the entry has been added/modified? Because I'm not sure whether
> we'll support modification of request parameters inside triggered stored
> procedures.

I think this makes sense.

>> By using triggers we can address this need server-side, and not
>> require any custom client side logic to derive keys from passwords. 
>> This will make the use of Apache Directory with Kerberos much easier.
> More hints are welcome ;-) We may also have an IRC session on
> implementing this. I'll finish the preliminary version of triggers for
> playing with in a few days.

I am really looking forward to this.  This is going to make working with 
Kerberos way more user-friendly.


View raw message