
Has anyone found a workaround? SASL/LDAP



Was wondering if anyone has found a workaround for the SASL reentrancy
problem that occurs when... well, this is the situation I ran into the
first time I tried this. (about a year ago, and I wasn't using a SASL
version that shipped with saslauthd)

I want to use LDAP as a centralized user database. Trouble is, OpenLDAP 2
uses the CMU SASL Library and so does my IMAP/POP server of choice, CMU's
Cyrus. So the user goes to log in, gets authenticated against the LDAP
database using SASL, the SASL library gets called again by OpenLDAP,
and... well... it's just messy.

My plan is to use saslauthd and PAM (pam_ldap) to authenticate people to
the Cyrus server. Would using PAM avoid this problem? Previously I used a
hacked-up copy of the SASL pwcheck daemon that first checked /etc/passwd
and then LDAP - perhaps using saslauthd will eliminate the reentrancy
issue?


-- 
JustThe.net Internet & Multimedia Services
22674 Motnocab Road * Apple Valley, CA 92307-1950 
Steve Sobol, Proprietor 
888.480.4NET (4638) * 248.724.4NET * sjsobol@JustThe.net