[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL support in back-ldap & back-meta (ITS#3022)

quanah@stanford.edu wrote:

>--On Tuesday, June 15, 2004 7:54 AM +0000 Pierangelo Masarati 
><openldap-its@OpenLDAP.org> wrote:
>>back-ldap now supports identity assertion via proxyAuthz and/or native
>>SASL authz; the proxy must be configured with appropriate idassert-*
>>parameters to optionally use SASL for binding and identity assertion (or
>>There are no plans, currently, to do the same for back-meta.
>Thanks! I'll have to give this a whirl... I take it this won't actually 
>show up in releases until 2.3?
just committed a test about this; from HEAD/tests/, ./run test028
this simply tests the idassert feature; to use SASL authc/authz
on one of the two ldap databases in the tests you need to (compile
with SASL, of course, and) manually set the evironment variable
SLAPD_USE_SASL=yes; it uses DIGEST-MD5 because it's the
only I've played with, to use GSSAPI you'll need to play with
data/slapd-idassert.conf; I'll make this work thru the env as well.

Note that I didn't rebuild configure after changing configure.in
because I use different versions of autotools, so, until it gets
regenerated, you'll need to run autoconf yourself, to get SASL
automatic detection set up; another temporary solution is to
manually add AC_WITH_SASL=yes in tests/run

Ciao, p.

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497