[Date Prev][Date Next] [Chronological] [Thread] [Top]

Documenting the usage of /usr/lib/sasl2/slapd.conf (ITS#3164)

Full_Name: Tarjei Huse
Version: 2.x.x
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

The OpenLDAP documentation lacks a description on how to get an OpenLDAP-server
into a kerberosdomain.  Also it lacks a good description of how to use a
different keytab than the default keytab for the system. 

However something like this might help:

<headline>Configuring SASL</headline>
By default SASL reads it's configuration from /usr/lib/sasl/App.conf (where
"App" is the application defined name of the application). For Openldap this is

Also, some configuraionoptions are handled in the normal slapd.conf
configurarionfile. These are related to password security and transelation of
sasl userids to ldap DNs (se below). Also refer to man 5 slapd.conf.

Use /usr/lib/sasl2/slapd.conf to set which configurationmechanism you want to
use with Openldap and what options it especially needs. 

(this is for Kerberos, with a special keytab for the LDAP-server.)
pwcheck_method: gssapi
keytab:        /etc/krb5.keytab.ldap

More information can be found here:
* The documentation bundled with your Cyrus Sasl distribution.
* http://www.sendmail.org/~ca/email/cyrus/sysadmin.html