On Wed, Apr 29, 2009 at 11:23:55PM -0500, Matt Domsch wrote:
> On Thu, Apr 30, 2009 at 06:44:09AM +0300, Axel Thimm wrote:
> > On Wed, Apr 29, 2009 at 02:03:55PM -0500, Mike McGrath wrote:
> > > We worked pretty closely with different LDAP teams and the way FAS works
> > > is just not very... ldapian. Although it's only some internal stuff that
> > > we need (specifically related to our user/sponsor/admin bits in each
> > > group).
> >
> > Can't this be implemented with a FAS ldap schema that contains these
> > bits in ldap attributes?
>
> Can I reverse the question? Instead of a pam_fas module, what about
> creating a way to export FAS information as LDAP, such that all
> LDAP-consuming apps would "just work", albeit not able to access the
> FAS-specific information?

That was further up the thread: One could have FAS export the parts
Mike needs in an ldif formatted file and cron-import them into a *read
only* ldap backend. You would need a sibling ldap instance running for
serving ldap requests.
If you mean having an ldap (read-only) interface to FAS coded, then I
think that this is quite a lot of work.

--
Axel.Thimm at ATrpms.net
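
The LDIF export suggested in the reply above, sketched as an added example (not part of the original thread and not FAS code). The record fields, the `dc=example,dc=org` suffix and the name policy are assumptions; only an allow-list of attributes is written, and values RFC 2849 does not permit in plain form are base64-encoded.

```python
import base64
import re

BASE_DN = "dc=example,dc=org"  # placeholder suffix (assumption)
# Assumed name policy: keeps DNs free of characters that would need escaping.
NAME_RE = re.compile(r"[a-z][a-z0-9_-]{1,31}")

# Constructed sample records; field names are assumptions, not the FAS schema.
SAMPLE_USERS = [
    {"username": "jdoe", "human_name": "John Doe", "email": "jdoe@example.org",
     "password": "constructed-hash", "groups": {"packager": "sponsor"}},
    {"username": "mmuller", "human_name": "Max Müller", "email": "mm@example.org",
     "password": "constructed-hash", "groups": {"packager": "user", "sysadmin": "admin"}},
]

def ldif_attr(name, value):
    """One attribute line; RFC 2849 requires base64 for non-SAFE-STRING values."""
    raw = value.encode("utf-8")
    safe = (all(b < 128 and b not in (0, 10, 13) for b in raw)
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def export_ldif(users):
    """LDIF for users and groups; password hashes and per-group roles are never read."""
    entries, members = [], {}
    for u in users:
        if not NAME_RE.fullmatch(u["username"]):
            raise ValueError(f"refusing to build a DN from {u['username']!r}")
        dn = f"uid={u['username']},ou=people,{BASE_DN}"
        sn = (u["human_name"].split() or [u["username"]])[-1]
        entries.append("\n".join([
            ldif_attr("dn", dn), "objectClass: inetOrgPerson",
            ldif_attr("uid", u["username"]), ldif_attr("cn", u["human_name"]),
            ldif_attr("sn", sn), ldif_attr("mail", u["email"])]))
        for group in u["groups"]:  # the role value (user/sponsor/admin) is dropped
            if not NAME_RE.fullmatch(group):
                raise ValueError(f"refusing to build a DN from {group!r}")
            members.setdefault(group, []).append(dn)
    for group, dns in sorted(members.items()):
        entries.append("\n".join([
            ldif_attr("dn", f"cn={group},ou=groups,{BASE_DN}"), "objectClass: groupOfNames",
            ldif_attr("cn", group)] + [ldif_attr("member", d) for d in dns]))
    return "version: 1\n\n" + "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(export_ldif(SAMPLE_USERS), end="")
```

A cron job would write this output to a file and load it into the read-only instance; the `ou=people` and `ou=groups` containers are assumed to exist there already.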