Add initial LDAP attribute ACL verifier

A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now supported. This ACL type grants access if the LDAP entry corresponding to the principal contains the attribute name and value specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are required to use this ACL type. New configuration settings are required as well; see Wallet::Config for more information. To enable this ACL type for an existing wallet database, use wallet-admin to register the new verifier.
author: Russ Allbery <rra@stanford.edu> 2012-04-03 20:40:01 -0700
committer: Russ Allbery <rra@stanford.edu> 2012-04-03 20:40:01 -0700
commit: f1eab726c10be66e94f6984418babfa9d68993b0 (patch)
tree: b5588af37c06a842abc893646e7f1be97d4ed2de /README
parent: f265274b66406a524fbef6162dcb642cc0441d23 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/README b/README
index c981272..c440b8c 100644
--- a/README
+++ b/README
@@ -95,6 +95,10 @@ REQUIREMENTS
   binary that supports the -norandkey option to ktadd.  This option is
   included in MIT Kerberos 1.7 and later.
 
+  To support the LDAP attribute ACL verifier, the Authen::SASL and
+  Net::LDAP Perl modules must be installed on the server.  This verifier
+  only works with LDAP servers that support GSS-API binds.
+
   To support the NetDB ACL verifier (only of interest at sites using NetDB
   to manage DNS), the Net::Remctl Perl module must be installed on the
   server.
author	Russ Allbery <rra@stanford.edu>	2012-04-03 20:40:01 -0700
committer	Russ Allbery <rra@stanford.edu>	2012-04-03 20:40:01 -0700
commit	f1eab726c10be66e94f6984418babfa9d68993b0 (patch)
tree	b5588af37c06a842abc893646e7f1be97d4ed2de /README
parent	f265274b66406a524fbef6162dcb642cc0441d23 (diff)