
Re: userPassword field in OpenLDAP



Quoting Jean-Eric Cuendet <Jean-Eric.Cuendet@linkvest.com>:

> But for external SASL authentication (GSSAPI or other), what should be the
> value of this parameter?
> Should it be completely removed? Or should it be set depending on the
> mechanism used?

If you want simple authentication (-x, -D, -W and -w flags to ldapsearch etc)
because of backward compatibility with older clients, then exchange it with

userPassword: {SASL}username

You will have to compile with '--enable-spasswd' for this to work. If you on
the other hand (like me) are using KerberosV to store your passwords, compile
with '--enable-kpasswd', and use

userPassword: {KERBEROS}principal

http://www.bayour.com/kerberos/Kerberos-MiniHOWTO.html#krb5_userPassword-attrib

-- 
 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@tripnet.se
  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden
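
An added example, not part of the original post: a small audit over an LDIF export that reports which entries use the pass-through userPassword values described above ({SASL} or {KERBEROS}) and which still hold a local hash or a cleartext value. The sample entries, DNs and function names are constructed for illustration, and the scheme name is assumed to be matched case-insensitively.

```python
import base64
import re

PASS_THROUGH = {"SASL", "KERBEROS"}  # the two schemes named in the post

# Constructed sample entries. ldapsearch often prints userPassword in the
# base64 "::" form, so one entry is encoded that way.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword: {SASL}alice",
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"{KERBEROS}bob@EXAMPLE.COM").decode(),
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword: {SSHA}constructed-not-a-real-hash",
    "",
    "dn: uid=dave,ou=People,dc=example,dc=com",
    "userPassword: changeme",
    "",
    "dn: ou=People,dc=example,dc=com",
    "ou: People",
])

def classify(value: str) -> str:
    """Return 'pass-through', 'local-hash' or 'cleartext' for one value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    if not m:
        return "cleartext"
    return "pass-through" if m.group(1).upper() in PASS_THROUGH else "local-hash"

def audit(ldif: str) -> dict:
    """Map each DN carrying userPassword to a list of classifications."""
    ldif = re.sub(r"\r?\n ", "", ldif)  # unfold LDIF continuation lines
    report = {}
    for block in re.split(r"\r?\n\s*\r?\n", ldif.strip()):
        dn = None
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep:
                continue
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "userpassword":
                report.setdefault(dn, []).append(classify(value))
    return report
```

Calling `audit(SAMPLE_LDIF)` returns a dict keyed by DN; entries without a userPassword attribute are left out of the report.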