On Wed, Apr 29, 2009 at 11:23:55PM -0500, Matt Domsch wrote: > On Thu, Apr 30, 2009 at 06:44:09AM +0300, Axel Thimm wrote: > > On Wed, Apr 29, 2009 at 02:03:55PM -0500, Mike McGrath wrote: > > > We worked pretty closely with different LDAP teams and the way FAS works > > > is just not very... ldapian. Although it's only some internal stuff that > > > we need (specifically related to our user/sponsor/admin bits in each > > > group. > > > > Can't this be implemented with a FAS ldap schema that contains these > > bits in ldap attributes? > > Can I reverse the question? Instead of a pam_fas module, what about > creating a way to export FAS information as LDAP, such that all > LDAP-consuming apps would "just work", albeit not able to access the > FAS-specific information? That was further up the thread: One could have FAS export the parts Mike needs in an ldif formated file and cron-import them into a *read only* ldap backend. You would need a sibling ldap instance running for serving ldap requests. If you mean having an ldap (read-only) interface to FAS coded, then I think that this is quite a lot of work. -- Axel.Thimm at ATrpms.net
Attachment:
pgp6TOoTv5YnO.pgp
Description: PGP signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
