[Date Prev][Date Next]
Re: external authentication in openldap
>>i am trying to set up an openldap (or netscape ldap) server , that
>>holds the user data, but not the passwords. the authentication should
>>actually be done by a third party, but transparent to the applications
>>that use the ldap server to authenticate.
Use want to use SASL authentication and then set up SASL to do
authentication via a pwcheck daemon in an arbitrary way. pwcheck daemons
exist which can authentication via sasldb, sql, or another ldap. for
information on this, see the cyrus projects http://asg.web.cmu.edu/cyrus/
which use sasl extensively. I'm afraid I can't tell you how to get
OpenLDAP to use sasl authentication, though; I've never done it and there
doesn't seem to be a lot of information out there.