RE: Mapping userPassword to Kerberos 5
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stephen Frost
> * Lewis Thompson (purple@lewiz.info) wrote:
> > On Wed, Aug 06, 2003 at 11:23:57AM -0400, Stephen Frost wrote:
> > > It might be enough to compile with --enable-spasswd (SASL) and to then
> > > use {SASL} in the userPassword. I'd like to know if this actually works
> > > or not...
> [...]
> > I've been having troubles with this for a while; I thought it was
> > because I was trying to use {KERBEROS} but I get the same with {SASL}.
> > This is FreeBSD, not Debian but it might be of some use to you.
>
> I appreciate the attempt but what you're trying to do is actually
> different from what we're discussing. You're trying to bind to LDAP
> using SASL and Kerberos credentials, which doesn't use userPassword at
> all. userPassword is only used if you're trying to perform a simple
> bind to LDAP.
That's not entirely true; SASL binds using Digest-MD5/CRAM-MD5 and some other
mechanisms will actually try to use the userPassword attribute of the entry
corresponding to the SASL DN. For SASL/GSSAPI and SASL/EXTERNAL the
userPassword attribute is not involved, as you said.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
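
As an added example (not part of the original message or of OpenLDAP's code): a short Python audit of an LDIF export that labels each entry's userPassword value, since the shared-secret mechanisms named above (Digest-MD5/CRAM-MD5) can only use a value stored in cleartext, while {SASL} and {KERBEROS} values hand the check to an external service. The function names, the "delegated" label and the sample entries are assumptions made for this illustration.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")
DELEGATED = {"SASL", "KERBEROS"}  # the two schemes named in this thread

def classify(value):
    """Label one userPassword value by how the password is held."""
    m = SCHEME_RE.match(value)
    scheme = m.group(1).upper() if m else "CLEARTEXT"
    if scheme == "CLEARTEXT":
        return "cleartext"            # usable as a DIGEST-MD5/CRAM-MD5 secret
    if scheme in DELEGATED:
        return "delegated"            # value names an external identity
    return "scheme:" + scheme         # e.g. SSHA, CRYPT: compared on simple bind

def audit_ldif(text):
    """Return {dn: [class of each userPassword value]} for an LDIF export."""
    text = re.sub(r"\r?\n ", "", text)             # undo LDIF line folding
    report = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, classes = None, []
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if rest.startswith(":"):               # "attr:: " means base64 value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "userpassword":
                classes.append(classify(value))
        if dn:
            report[dn] = classes
    return report

# Constructed sample export; every DN and value here is made up.
_B64 = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=com\nuserPassword: {SASL}alice@EXAMPLE.COM\n\n"
    "dn: uid=bob,dc=example,dc=com\nuserPassword:: " + _B64 + "\n\n"
    "dn: uid=carol,dc=example,dc=com\nuserPassword: constructed-\n cleartext\n\n"
    "dn: uid=dave,dc=example,dc=com\nuid: dave\n"
)

if __name__ == "__main__":
    for dn, classes in audit_ldif(SAMPLE_LDIF).items():
        print(dn, classes or ["no userPassword"])
```

Entries reported as "cleartext" are the ones a Digest-MD5 or CRAM-MD5 bind can authenticate against, and also the ones that expose the password to anyone who can read the attribute.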