[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL docs?

On Mon, 11 Sep 2000, Kurt D. Zeilenga wrote:

> At 10:05 PM 9/11/00 +0200, Hugo.van.der.Kooij@caiw.nl wrote:
> >
> >I installed SASL and compiled OpenLDAP 2.0.1 so it now has SASL support.
> >Unfortunatly I failed to read/find the proper documentation to get import
> >my ldif file now.
> >So I would welcome some pointers (URL) to SASL documentation or even
> >better a hint to get SASL + OpenLDAP usable for me.
> Add users to your SASLdb using saslpasswd(1) or external authenication
> service (such as Kerberos V).  slapd(8) will automatically authenticate
> any valid SASL user and assign an authorization DN of the form
> "uid=username + realm=REALM".  Depending on the mechanism/configuration
> (sasl-realm), the form might also be "uid=username@KREALM" (GSSAPI) or
> just "uid=username".  Once you get successful authentication, you can
> look at slapd.conf to see what authorization DNs are being produced.
> You can then make use of the authorization DNs in ACLs or rootdn
> specications: 
>   rootdn "uid=user"
> or
>   rootdn "uid=user + realm=EXAMPLE.COM"
> and:
>   access to * by dn="uid=[^,]*" self write

So if I understand this correctly I can use SASL for my rootdn password
instead of a cleartext variable in the slapd.conf file but the user
passwords will remain using the build-in password types in the 2.0
releases. (Just to make sure I have grasped the topic.)


Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij@caiw.nl	http://home.kabelfoon.nl/~hvdkooij/
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)