[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Basic SASL setup instructions

To: "Edwin Chiu" <Edwin.Chiu@e-wares.com>, "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: Basic SASL setup instructions
From: "Jim Hud" <jdhz@btinternet.com>
Date: Wed, 18 Oct 2000 14:29:09 +0100
Cc: <openldap-software@OpenLDAP.org>
References: <5.0.0.25.0.20001005214116.00a620e0@router.boolean.net> <5.0.0.25.0.20001017090129.00a4be30@router.boolean.net> <5.0.0.25.0.20001017104153.00a60800@router.boolean.net> <5.0.0.25.0.20001017155326.00a7f160@router.boolean.net> <39EDA1EE.44232F8F@e-wares.com>

It is address book in Netscape that is being discussed, it does not work if
SSL and Login are enabled.  Not with client certs as far as I know, I
certainly have not tried them.


----- Original Message -----
From: "Edwin Chiu" <Edwin.Chiu@e-wares.com>
To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Cc: "Jim Hud" <jdhz@btinternet.com>; <openldap-software@OpenLDAP.org>
Sent: Wednesday, October 18, 2000 2:13 PM
Subject: Re: Basic SASL setup instructions


> Have you tried using just the Address Book in Netscape? I've never had
> any success with ldaps:// in Netscape... and unfortunately, LDAP doesn't
> seem to be present in Mozilla yet ;(
>
> The Address Book should support at minimum, SSL with client auth. I'm
> fairly certain it should support the use of client certs as well....
>
> Edwin
>
> "Kurt D. Zeilenga" wrote:
>
> > At 11:15 PM 10/17/00 +0100, Jim Hud wrote:
> > >Is it currently being worked on?
> >
> > Yes.
> >
> > >I was hoping to use TLS/SSL but neither
> > >Netscape or Outlook Express will work with authenticated SSL
> >
> > Note that client's TLS (SSL) certificate is not used establish
> > LDAP authorization unless the client requests a SASL/EXTERNAL
> > bind.
> >
> > >to slapd so SASL becomes the next best option,
> >
> > I didn't realize that Netscape and Microsoft clients had
> > implemented any SASL authentication methods yet.  I'm under
> > the impression they only support simple bind, but that they
> > did support this over both LDAP and LDAP over SSL.
> >
> > Netscape "smart" (anon search + simple bind) authentication
> > over ldaps:// doesn't work for me [the 0x61 issue others have
> > reported]... but simple bind works fine.  See FAQ for details
> > on how to provide a bind DN to Netscape.
> >   http://www.openldap.org/faq/index.cgi?file=138
> >
> > BTW, the test user "uid=test,dc=openldap,dc=org" w/
> > password "secret" is now available for testing purposes
> > at ldap://ldap.openldap.org/ & ldaps://ldap.openldap.org/
> >
> > >but I need the LDAP database to hold the id's and passwords.
> > >
> > >How can I help this along by adding my efforts?
> >
> > By enquiring on the developer's list.
>
>

Follow-Ups:
- Re: Basic SASL setup instructions
  - From: Michael Ströder <michael@stroeder.com>

References:
- Re: Basic SASL setup instructions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Basic SASL setup instructions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Basic SASL setup instructions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Basic SASL setup instructions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Basic SASL setup instructions
  - From: Edwin Chiu <Edwin.Chiu@e-wares.com>

Prev by Date: Re: Basic SASL setup instructions
Next by Date: RE: Basic SASL setup instructions
Index(es):
- Chronological
- Thread