Re: SASL docs?
On Mon, 11 Sep 2000, Kurt D. Zeilenga wrote:
> At 10:05 PM 9/11/00 +0200, Hugo.van.der.Kooij@caiw.nl wrote:
> >
> >I installed SASL and compiled OpenLDAP 2.0.1 so it now has SASL support.
> >Unfortunately I failed to read/find the proper documentation to get import
> >my ldif file now.
>
> >So I would welcome some pointers (URL) to SASL documentation or even
> >better a hint to get SASL + OpenLDAP usable for me.
>
> Add users to your SASLdb using saslpasswd(1) or external authentication
> service (such as Kerberos V). slapd(8) will automatically authenticate
> any valid SASL user and assign an authorization DN of the form
> "uid=username + realm=REALM". Depending on the mechanism/configuration
> (sasl-realm), the form might also be "uid=username@KREALM" (GSSAPI) or
> just "uid=username". Once you get successful authentication, you can
> look at slapd.conf to see what authorization DNs are being produced.
>
> You can then make use of the authorization DNs in ACLs or rootdn
> specifications:
> rootdn "uid=user"
> or
> rootdn "uid=user + realm=EXAMPLE.COM"
>
> and:
> access to * by dn="uid=[^,]*" self write

So if I understand this correctly I can use SASL for my rootdn password
instead of a cleartext variable in the slapd.conf file but the user
passwords will remain using the built-in password types in the 2.0
releases. (Just to make sure I have grasped the topic.)
Hugo.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)
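
An added check on the ACL pattern quoted in this message (not part of the original posts and not OpenLDAP code): it models the `dn=` subject as an unanchored, case-insensitive regex search, which is an assumption about how slapd applies the pattern, and runs it over constructed sample DNs. It shows which DNs the pattern covers in full and which it matches only as a substring, the cases where adding `^` and `$` would change the result.

```python
import re

# ACL subject pattern quoted in the thread: by dn="uid=[^,]*"
THREAD_PATTERN = r"uid=[^,]*"

# Constructed sample DNs. The first three follow the authorization DN forms
# named in the thread; the rest are hypothetical directory entries.
SAMPLE_DNS = [
    "uid=user",
    "uid=user + realm=EXAMPLE.COM",
    "uid=user@EXAMPLE.COM",
    "uid=bob,ou=People,dc=example,dc=com",
    "cn=printer,uid=bob,ou=People,dc=example,dc=com",
    "cn=Manager,dc=example,dc=com",
]


def classify(pattern, dn):
    """Return 'whole', 'partial' or 'none' for one DN.

    'whole'   : the pattern covers the entire DN (still matches if anchored).
    'partial' : the pattern matches only a substring (lost if anchored).
    'none'    : no match at all.
    Assumption: slapd treats the pattern as an unanchored, case-insensitive
    regex; Python's re module stands in for its regex engine here.
    """
    if re.fullmatch(pattern, dn, re.IGNORECASE):
        return "whole"
    if re.search(pattern, dn, re.IGNORECASE):
        return "partial"
    return "none"


def audit(pattern, dns):
    """Map every DN to its classification under the given pattern."""
    return {dn: classify(pattern, dn) for dn in dns}


def substring_only(pattern, dns):
    """DNs that match only because the pattern is not anchored."""
    return [dn for dn in dns if classify(pattern, dn) == "partial"]


if __name__ == "__main__":
    for dn, verdict in audit(THREAD_PATTERN, SAMPLE_DNS).items():
        print(f"{verdict:8} {dn}")
```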