ptsLDAP v1.0a
A Drop-In PTServer Replacement For OpenAFS

What is PTServer?
   PTServer is the OpenAFS Protection Server. Its primary job is to facilitate the translation back and forth between UIDs, GIDs and their names. PTServer also is responsible for letting users and administrators manage groups, users and their group memberships. The other AFS processes, including the client functionality ask PTServer what groups a user is a member of in order to determine whether or not a user meets the ACL requirements of a directory. PTServer maintains its own database of users, groups and membership and is administered via the 'pts' program.

What is ptsLDAP?
   ptsLDAP replaces the OpenAFS ptserver with a module that connects to an LDAP directory server (or more importantly, an Active Directory style LDAP server) to obtain its information rather than maintaining its own database- essentially becoming a proxy to LDAP instead of using ubik. This alleviates the frustration of trying to maintain an up-to-date list of users that takes into account users that have recently been added to or removed from the Active Directory or LDAP Directory.

   ptsLDAP would have a home in your setup if your user principals and groups all come from an LDAP (or Active Directory LDAP) server that has its schema extended to include uid and gid information. ptsLDAP is the key to eliminating synchronization and replication from your environment.

Project Goals

Broader Picture