
Re: LDAP and SASL problem



* Dieter Kluenter <dieter@dkluenter.de>:
> Gildas Bayard <gildas.bayard@hds.utc.fr> writes:
> 
> > Hello,
> >
> > I'm setting up a new ldap server on ubuntu server 8.04.3 LTS.
> > man slapd.conf encourages me into using SASL auth for rootdn instead
> > of setting the rootpw parameter in slapd.conf.
> >
> > So I created a user in sasldb with saslpasswd2. sasldblistusers2 gives me
> > admin@coruscant: userPassword which is what is expected.
> > But then I see that the password there is in plain text so I don't
> > really get the advantage of using SASL then. So I decide to use
> > saslauthd instead (which in turn will use pam by default).
> 
> Why do you want to use saslauthd and sasldb to authenticate rootdn
> against slapd? And why do you complain about plaintext passwords in
> sasldb? How else could you respond to a challenge based on a shared
> secret? 
> 
> > My problem is that I could not find how to tell openldap to use
> > saslauthd instead of sasldb.
> [...]
> 
> Because in most cases a ldap server maintains its own user database
> and password storage. Basics on how to implement SASL you can find in
> the Admin Guide
> http://www.openldap.org/doc/admin24/sasl.htm

I pretty much gave Gildas the same answer on the Cyrus SASL mailing list ...

p@rick



-- 
state of mind
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15	   Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666

Amtsgericht München        Partnerschaftsregister PR 563
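
Added example, not part of the original thread and not OpenLDAP or Cyrus SASL code: a sketch of the point made above about shared-secret challenges, showing that a server can check a challenge response only if it stores the secret itself, while a store holding a one-way hash can only check a password that is sent to it. The CRAM-MD5-style HMAC computation, the class names and all sample values are assumptions chosen for illustration; the thread does not name a mechanism.

```python
import hashlib
import hmac
import os

def challenge_response(secret: bytes, challenge: bytes) -> str:
    """Client side: HMAC-MD5 over the server challenge, keyed with the secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def salted_sha1(password: bytes, salt: bytes) -> bytes:
    """One-way salted digest, the kind of value a hashed password store keeps."""
    return hashlib.sha1(password + salt).digest()

class SecretStore:
    """Keeps the shared secret itself, as sasldb does."""
    def __init__(self):
        self.secrets = {}
    def add(self, user, password):
        self.secrets[user] = password
    def verify_challenge(self, user, challenge, response):
        expected = challenge_response(self.secrets[user], challenge)
        return hmac.compare_digest(expected, response)

class HashedStore:
    """Keeps only salt + one-way hash (hypothetical stand-in for a PAM-style backend)."""
    def __init__(self):
        self.hashes = {}
    def add(self, user, password):
        salt = os.urandom(8)
        self.hashes[user] = (salt, salted_sha1(password, salt))
    def verify_plain(self, user, password):
        # Works only when the client sends the password itself.
        salt, digest = self.hashes[user]
        return hmac.compare_digest(salted_sha1(password, salt), digest)
    def verify_challenge(self, user, challenge, response):
        # Best effort: the stored hash is not the key the client used, so this fails.
        _salt, digest = self.hashes[user]
        return hmac.compare_digest(challenge_response(digest, challenge), response)

def demo():
    user, password = "admin", b"constructed-secret"      # constructed sample values
    challenge = b"<1896.697170952@coruscant>"            # constructed challenge
    response = challenge_response(password, challenge)   # what the client would return
    secret_store, hashed_store = SecretStore(), HashedStore()
    secret_store.add(user, password)
    hashed_store.add(user, password)
    return {
        "secret_store_challenge": secret_store.verify_challenge(user, challenge, response),
        "hashed_store_challenge": hashed_store.verify_challenge(user, challenge, response),
        "hashed_store_plain": hashed_store.verify_plain(user, password),
    }

if __name__ == "__main__":
    print(demo())
```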