[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Basic SASL setup instructions

To: "Jim Hud" <jdhz@btinternet.com>
Subject: Re: Basic SASL setup instructions
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 17 Oct 2000 10:13:57 -0700
Cc: "Robert Watt" <watt@collab.net>, <openldap-software@OpenLDAP.org>
In-reply-to: <029801c03813$527669c0$4e42a8c0@dhntnbook>
References: <5.0.0.25.0.20001005214116.00a620e0@router.boolean.net>

At 09:21 AM 10/17/00 +0100, Jim Hud wrote:
>>The don't bother with userPassword...  setup up Cyrus SASL.
>>Make sure it works (using Cyrus provided sample client and server
>>and -s "ldap").  Then use same mechanism, authentication identities,
>>secrets with slapd.
>
>Does this mean that the userids and user passwords are not/cannot be held in
>the LDAP database at the server end?

You can store a password in userPassword.  Simple bind will use it.
SASL/PLAIN may use it as well if you configure Cyrus SASL to use
an LDAP-enabled pwcheckd or LDAP-enabled PAM.

For SASL/DIGEST-MD5, slapd currently relies on Cyrus SASL to
maintain the secret in its SASLdb.  This allows slapd to share
the same user/secret database as other application protocol
servers.

Kurt

Follow-Ups:
- Re: Basic SASL setup instructions
  - From: "Jim Hud" <jdhz@btinternet.com>

References:
- Re: Basic SASL setup instructions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Basic SASL setup instructions
  - From: "Jim Hud" <jdhz@btinternet.com>

Prev by Date: acl's and openldap-2.0.6
Next by Date: Re: Basic SASL setup instructions
Index(es):
- Chronological
- Thread