directory-dev mailing list archives

From "Alex Karasulu" <akaras...@apache.org>
Subject [ApacheDS] Delegated authenticator ideas
Date Fri, 21 Sep 2007 01:02:08 GMT
Hi all,

I started working on the concept of a delegated authenticator.  The concept is simple: if a principal matches certain criteria, the bind operation delegates authenticating the user to some external system.

At first I wanted this feature to delegate authentication to AD. ApacheDS, while used for many applications, often needs to point to AD as the primary credential store.  You just can't expect companies to drop AD for us just yet :).  So the aim driving this is to delegate authentication to AD.

In doing this I realized that I could just make it work with any LDAP server, since the mechanism would essentially be the same.  The solution could, however, be generalized even farther by enabling delegated authentication to any external system, but at this point I don't think I'm going to bother with this.

Now I am thinking how to enable delegation to multiple LDAP servers and how to map users to these servers.  Then how do you make users in ApacheDS to another principalDn in the external server?

Any thoughts on this?

Alex
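
An added illustration, not part of the original message and not ApacheDS code: one way the routing raised above could look, choosing an external server by the longest matching base DN and re-rooting the bind DN under that server's base. The class, interface and rule names, the host and the DNs are all hypothetical, and the external bind is a stub so the sketch runs without a server.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Added illustration; every name here is hypothetical, none is an ApacheDS class. */
public class DelegationSketch {
    /** Stand-in for a simple bind against the external server. */
    interface RemoteBind { boolean bind(String url, String dn, String password); }
    /** Entries under localBase are authenticated at url, re-rooted under remoteBase. */
    record Rule(LdapName localBase, String url, LdapName remoteBase) {}
    private final List<Rule> rules = new ArrayList<>();
    private final RemoteBind remote;
    DelegationSketch(RemoteBind remote) { this.remote = remote; }

    void addRule(String localBase, String url, String remoteBase) throws InvalidNameException {
        rules.add(new Rule(new LdapName(localBase), url, new LdapName(remoteBase)));
    }

    /** Returns true only if a rule matched and the external bind succeeded. */
    boolean authenticate(String bindDn, String password) throws InvalidNameException {
        // A DN with an empty password is an RFC 4513 "unauthenticated bind"; some servers
        // answer it with success, so it must never be forwarded as proof of identity.
        if (password == null || password.isEmpty()) return false;
        LdapName dn = new LdapName(bindDn);
        Rule best = null;
        for (Rule r : rules)   // the most specific (longest) matching base wins
            if (dn.startsWith(r.localBase())
                    && (best == null || r.localBase().size() > best.localBase().size()))
                best = r;
        if (best == null) return false;   // no rule: caller falls back to local authentication
        LdapName mapped = (LdapName) best.remoteBase().clone();
        mapped.addAll(dn.getSuffix(best.localBase().size()));   // keep the RDNs below the base
        return remote.bind(best.url(), mapped.toString(), password);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stub: accepts one DN/password pair instead of contacting a server.
        RemoteBind stub = (url, dn, pw) -> url.equals("ldaps://ad.example.test:636")
                && dn.equalsIgnoreCase("uid=jdoe,cn=Users,dc=corp,dc=example,dc=test")
                && pw.equals("s3cret");
        DelegationSketch d = new DelegationSketch(stub);
        d.addRule("ou=staff,dc=example,dc=test", "ldaps://ad.example.test:636",
                  "cn=Users,dc=corp,dc=example,dc=test");
        System.out.println(d.authenticate("uid=jdoe,ou=staff,dc=example,dc=test", "s3cret"));
        System.out.println(d.authenticate("uid=jdoe,ou=staff,dc=example,dc=test", ""));
        System.out.println(d.authenticate("uid=jdoe,ou=other,dc=example,dc=test", "s3cret"));
    }
}
```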
