
Re: SASL PAM Authentication



I'm using the Debian slapd package so slapd.conf is in /etc/ldap. 
OpenLDAP is compiled with sasl support.  The result of 'ldapsearch -x -s
base -b "" supportedSASLMechanisms' is listed below.  I'm not using the
-x option for any other commands if that is what you mean by simple
binding.

# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
 
#
dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: CRAM-MD5
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1

On Sat, 2003-09-13 at 03:47, Edward Rudd wrote:
> Is the slapd.conf file in the correct directory?
> Is openldap compiled with sasl support?
> and 3rd, OpenLDAP will only use the sasl backend when doing a sasl
> bind.. when doing a simple bind it will ONLY use the internal
> userpassword field (AFAIK).
> 
> On Sat, 2003-09-13 at 01:28, Craig Gallek wrote:
> > I'm having trouble with the slapd authentication mechanism.  I have
> > successfully managed to get slapd to authenticate a user through the
> > PLAIN mechanism authenticating against the userPassword field of a
> > directory entry.  I have also successfully installed SASL and the
> > saslauthd.  I have configured saslauthd to authenticate against the PAM
> > modules on my machine.  testsaslauthd successfully authenticates against
> > the local shadow password database.
> > 
> > Now I am trying to make slapd authenticate against saslauthd (or even
> > directly using the SASL PAM libraries) rather than against the
> > userPassword field in the directory.  I've tried setting the
> > pwcheck_method in slapd.conf to saslauthd.  This did not seem to have
> > any effect on the authentication process or the output log information.
> > 
> > Any suggestions would be appreciated.