sasl and openldap.


After finally getting my head around some of the sasl ideas, I have some
questions on how to use sasl in the context of openldap.

1. Does the use of ldap and sasl imply that the passwords are stored in the
I.e.: authclient (e.g. mailprog) -> machine -> ldap -> sasl -> sasldb

2. To use sasl auth in ldap, do you have to make an Openldap.conf file in the
sasl plugin dir?

3. If you use sasl_password_check: pam and pam ldap, wouldn't that look a
bit weird?

e.g. cyrus imapd -> sasl -> ldap -> pam -> ldap ?
or ...?

or, how does this work?

Part of the reason I'm asking is because some of my ldap clients (mainly
the gui ones for my pc) seem to be using ldap_sasl_bind when connecting
(weird, huh?) and I get errors that the slapd cannot access the sasldb file,
which is logical since slapd is running as user ldap and sasldb is owned by
root. I do not want to use sasldb btw, but have everything in my ldap db as
I'm using my server both for pam_ldap and samba-tng authentication.

I hope I can get some input on this.