Re: stupid question on LDAP support

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 15 Feb 2010 22:59:36 -0800 (PST)

On Mon, 15 Feb 2010, Mike Markley wrote:
>> ...and the query gets substituted into the "dn" and "filter" portion, and
>> the listed "attr"s are returned.
>
> Okay, but how do the returned attributes get mapped into something
> useful?

The database you're using is defined such that it specifies what it
expects back from whatever you put there.

Two related examples might help illustrate this better: The KeyTable (and
most other tables we currently have) is a table that expects to provide a
sender (user@host or maybe just host) and get back the name of a key to
use for signing. In that case, for LDAP, you would specify an LDAP URI
naming a single attribute. The SigningTable is a table that expects to
provide a key name and get back three things: a domain name, a selector
name, and a private key. In that case your LDAP URI would name the three
attributes your LDAP server uses to store those data, and responses would
be cut apart and used accordingly.

Received on Tue Feb 16 2010 - 06:59:55 PST
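
The lookup described in the message above, sketched as an added example (not part of the original post and not OpenDKIM's code): the query is escaped and substituted into the DN and filter of an LDAP URI, and the returned attributes are mapped by position onto the fields the table expects. The `{query}` marker, the attribute names, the host and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

TOKEN = "{query}"  # hypothetical substitution marker, not OpenDKIM's own syntax

def esc_filter(v):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in v)

def esc_dn(v):
    """Escape a value for a DN attribute value (RFC 4514), using hex escapes."""
    out = "".join("\\%02x" % ord(c) if c in '"+,;<>\\=\x00' else c for c in v)
    if out[:1] in (" ", "#"):          # leading space or '#' must be escaped
        out = "\\%02x" % ord(out[0]) + out[1:]
    if out.endswith(" "):              # so must a trailing space
        out = out[:-1] + "\\20"
    return out

def build_search(uri, query):
    """Split ldap://host/dn?attrs?scope?filter and substitute the query."""
    parts = urlsplit(uri)
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    attrs, scope, flt = (unquote(f) for f in fields)
    base = unquote(parts.path.lstrip("/"))
    return {
        "base": base.replace(TOKEN, esc_dn(query)),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope or "base",
        "filter": (flt or "(objectClass=*)").replace(TOKEN, esc_filter(query)),
    }

def map_result(attrs, entry, names):
    """Cut an LDAP entry apart: the i-th URI attribute fills the i-th field."""
    if len(attrs) != len(names):
        raise ValueError("URI names %d attributes, table expects %d"
                         % (len(attrs), len(names)))
    lowered = {k.lower(): v for k, v in entry.items()}  # names are case-insensitive
    out = {}
    for attr, name in zip(attrs, names):
        values = lowered.get(attr.lower())
        if not values:
            raise KeyError("entry has no value for " + attr)
        out[name] = values[0]
    return out

# Constructed sample data; the host and attribute names are illustrative only.
URI = "ldap://ldap.example.com/ou=keys,dc=example,dc=com?dkimDomain,dkimSelector,dkimKey?sub?(cn={query})"
ENTRY = {"dkimdomain": ["example.com"], "dkimSelector": ["feb2010"],
         "dkimKey": ["/etc/keys/feb2010.private"]}
THREE_FIELDS = ("domain", "selector", "private_key")
```

A table that expects a single value back uses the same functions with a one-attribute URI and a one-element field tuple; a URI whose attribute count does not match the table's expectation is rejected before any entry is read.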
