Re: sasl issue - but I don't want sasl atm



On Thu, 2009-04-02 at 09:59 +0200, Buchan Milne wrote:
> On Wednesday 01 April 2009 10:44:56 Da Rock wrote:
> > On Wed, 2009-04-01 at 01:48 +0200, Michael Ströder wrote:
> > > Da Rock wrote:
> > > > so I'm trying to
> > > > work out how to set up the system to do a simple bind
> > >
> > > ldapsearch -x -D <bind-DN>
> >
> > I know that, thanks, but this is affecting other apps from obtaining
> > data from the system. I can also just go ldapsearch -x for anonymous. It
> > appears I'm all in or bust! Unless I can set it up so apps can do simple
> > bind...
> 
> If you can do a simple bind (anonymous, or authenticated), there (in most 
> cases) is nothing preventing other applications from doing simple binds. 
> Having SASL support compiled in to the server does not prevent other 
> applications from doing simple binds.
> 
> Maybe you should provide more information about the applications in question, 
> and how they are configured.
> 
> (Note: In the past Apple's LDAP client software for Mac OS seems to use 
> whichever SASL mechanisms are advertised by the LDAP server, but this again 
> isn't about SASL support being compiled in or not).

That's what I would have figured, yet I get no joy, nothing I can see out
of the ordinary in the logs, and all the apps are auth types (courier,
pam, postfix) - plus records for bind.

Bind doesn't bind to the ldap, and I'm trying to set up the others to do
the same. Obviously, courier has to bind to confirm auth - but only as
the user (not bind as courier, then again as the user).

Bind works: tested that myself. The others fail miserably.

I'm not entirely sure what else I need to add exactly, the platform is
FreeBSD with OpenLDAP built with SASL from ports.

Before anyone suggests it, I already have a mail server running
(postfix, courier); I want ldap as lookup source to ease administration.
The pam is completely new to me, I'm following a lot of howtos on the
web to compile a picture of how it all works.

Now as to pam, I thought it must be my ineptitude in configuration, so I
put it on hold and moved to something easier. Unfortunately I hit a
similar snag there with the imap auth, hence I looked at the ldapsearch
angle. Seems I could be wrong there based on comments received....