Basic SASL setup instructions


I've been trying to set up SASL authentication with OpenLDAP 2.0.4, and
don't quite know where to start.

Last month I saw a series of posts between Hugo and Kurt on a basic SASL
setup. I tried what was outlined, but I think I've missed a couple of

Basically I copied the entry of an existing user and modified their
'userpassword' attribute to: {sasl}, then used saslpasswd to create
/etc/sasldb with that user's name, realm and password. (There was a mention
of {sasl}xxxxxxxxxx entries also for simple bind. I don't want simple
bind, so I need to know how to set up the full-SASL way.)

When I try to log in as the user through ssh or a console login it fails. When I try to use
ldapsearch, no matter how I enter their info with ldapsearch -D "various
dn's combining realm info" -W it responds with:

 ldap_bind: Invalid credentials.

So, a few questions:

- What setup steps do I need to get basic SASL functionality working so
that services authenticate through ldap/sasl and ldap utilities bind
through sasl rather than simple auth with cleartext passwords?

- What format do I need to use for the ldap utilities? I assume -D is
not supposed to be used with sasl. I've seen the -I -U and other switches,
but nothing I've tried seems to work (basically the utilities tell me I'm
not using the switches correctly).

- In addition to the setup on the server, what do I need on my clients to
get them to use sasl?

- Has anyone used openssl and/or kerberos instead of sasl? Which is

- Nalin from Red Hat posted some RPMs of OpenLDAP 2.0.4. Does anyone
know if these have sasl support compiled in?

Thanks in advance!

Rob Watt
System Administrator