[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5207) Password checking: external program

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5207) Password checking: external program
From: bgmilne@staff.telkomsa.net
Date: Thu, 1 Nov 2007 10:34:40 GMT

On Thursday 01 November 2007 12:15:28 Hadmut Danisch wrote:
> Buchan Milne wrote:
> > So wouldn't the existing {SASL} scheme for userPassword (which allows a
> > simple bind to be authenticated against a SASL identity) be sufficient?
>
> Not really, because SASL is not just a server plugin, it requires the
> client to have SASL (and the plugins) as well. Unfortunately, this is
> not the case in most scenarios.

So you are unaware of the {SASL} scheme for userPassword, where slapd receives 
a simple bind, and tries to authenticate the user (as a SASL client) via the 
SASL mechanism with the identity following the scheme identifier in the 
userPassword attribute.

It is documented to some degree in the FAQ-o-matic.

Regards,
Buchan

Prev by Date: Re: (ITS#5191) Corrupted control value when using pagedresults with subordinate database
Next by Date: Re: (ITS#5207) Password checking: external program
Index(es):
- Chronological
- Thread