
OpenLDAP and Cyrus SASL



When using SASL with OpenLDAP, do I need to add an entry into the LDAP
directory specifically for authentication?

I am of the understanding that I don't; instead I use a login name on the
LDAP server like

uid=someuser,cn=DIGEST-MD5,cn=auth 

With the SASL-regexp directive set as 

sasl-regexp
        uid=(.*),cn=.*,cn=auth
        uid=$1,ou=People,o=myorganisation

I'm a little confused as to how these plug together so please help!

If this isn't the case could someone tell me what I need to do to get users
authenticating against SASL?

i.e. what I should put in an LDIF file to add to the LDAP server.

I would also like to know if I can store the manager password in SASL?

Also what access controls could I use so anyone in the sales ou could write
to that ou and read from all others, but users who haven't authenticated
can't read anything?

Thanks in advance 
        Karl


Extra information
-----------------

openldap-2.0.23-4 (is linked against SASL)
	ldbm database
	
cyrus-sasl-2.1.2-1
OS: Red Hat 7.3

also using SASL for Cyrus IMAPd and in the future SMTP auth.
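
The sasl-regexp rewrite quoted in the message above, modelled as an added example (not part of the original post and not OpenLDAP code). Python's re stands in for slapd's regex matching, DN normalisation is ignored, and STRICT_RULE, map_sasl_dn and the sample DNs are constructed for illustration. It shows what the greedy (.*) capture does when the authentication DN carries a realm component (uid=<user>,cn=<realm>,cn=<mech>,cn=auth).

```python
import re

# Rule as written in the post: (search pattern, replacement template).
POST_RULE = (r"uid=(.*),cn=.*,cn=auth",
             "uid=$1,ou=People,o=myorganisation")

# Tighter variant (an assumption, not from the post): anchored, and each
# component stops at the next comma, so a realm cannot leak into $1.
STRICT_RULE = (r"^uid=([^,]*),cn=[^,]*,cn=auth$",
               "uid=$1,ou=People,o=myorganisation")


def map_sasl_dn(auth_dn, rule):
    """Map a SASL authentication DN to a directory DN.

    Returns the rewritten DN, or None when the rule does not match
    (the identity is then left unmapped).
    """
    pattern, template = rule
    match = re.search(pattern, auth_dn)
    if match is None:
        return None
    # Expand $1..$9 in the template with the captured groups.
    return re.sub(r"\$(\d)", lambda d: match.group(int(d.group(1))), template)


# Constructed sample authentication DNs.
NO_REALM = "uid=karl,cn=DIGEST-MD5,cn=auth"
WITH_REALM = "uid=karl,cn=example.com,cn=DIGEST-MD5,cn=auth"

if __name__ == "__main__":
    for name, rule in (("post rule", POST_RULE), ("strict rule", STRICT_RULE)):
        for dn in (NO_REALM, WITH_REALM):
            print(f"{name:11} {dn} -> {map_sasl_dn(dn, rule)}")
```

With the post's rule the realm form maps to a DN that contains the realm inside the uid capture, which will not name an entry under ou=People; the strict rule leaves that form unmapped, so a realm-bearing identity needs its own explicit rule.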