Re: sasl and openldap.
Quoting "Tarjei Huse" <firstname.lastname@example.org>:
> 1. Does the use of ldap and sasl imply that the passwords are stored in the
> I.e: authclient (f.x. mailprog) -> machine -> ldap -> sasl -> sasldb
Not necessarily... SASL is just a 'middle-layer'... Instead of 'sasldb' in your
example, you could (as I and many others) use Kerberos (either v4 or v5)...
> 2. To use sasl auth in ldap, do you have to make an Openldap.conf file in the
> sasl plugin dir?
> Part of the reason I'm asking is because some of my ldap clients (mainly
> the gui ones for my pc) seem to be using ldap_sasl_bind when connecting
> (weird, huh?) and I get errors that the slapd cannot access the sasldb file,
> which is logical since slapd is running as user ldap and sasldb is owned by
> root. I do not want to use sasldb btw, but have everything in my ldap db as
> I'm using my server both for pam_ldap and samba-tng authentication.
If you care to investigate the Kerberos issue more, I wrote a little howto
on getting OpenLDAP v2 and MIT Kerberos V5 to work together...
Turbo Fredriksson email@example.com
Debian Certified Linux Developer
Stockholm/Sweden
Debian GNU Unix _IS_ user friendly - it's just selective about who its friends are