
Re: SASL & /usr/lib/sasl/slapd.conf



OpenLDAP defaults disable PLAIN and ANONYMOUS.  Server
defaults can be changed via slapd.conf(5).  Client defaults
can be changed via the command line or ldap.conf(5).

Kurt

At 06:06 PM 2002-01-22, alan milligan wrote:


>Hi,
>
>I have been having a few problems with my SASL setup, which I have mostly
>resolved; however, I think I may have discovered a bug along the way.
>
>A quick look at the code in servers/slapd/sasl.c suggests that the
>sasl_server_init( callbacks, "slapd") call is made, and the
>/usr/lib/sasl/slapd.conf should be read.  There is, however, some less than
>obvious code somehow using the callbacks to resolve pathname.
>
>I did not feel that it was using this file (although the SASL doco
>strongly suggests it must).
>
>To test, I set sasl_secprops to none, and thus had PLAIN, and ANONYMOUS
>appear as supportedSASLMechanisms.  But the -Y option on ldapsearch refused
>to allow either of these, so I could not verify pwcheck_method pam in my
>/usr/lib/sasl/slapd.conf:
>
>[root@mistress openldap]# ldapsearch -D "uid=ispman,o=ispman" -b "o=ispman"
>-Y PLAIN
>ldap_sasl_interactive_bind_s: Unknown authentication method
>
>I am using linux-2.4.12, cyrus-sasl-1.5.27, and openldap-2.0.19
>
>Cheers, Alan