[Date Prev][Date Next] [Chronological] [Thread] [Top]

openldap + sasl + plain|login + pam

It seems from reading various faqs documentation that it is possible to 
configure my openldap server to authenticate users binding to it with 
SASL as the backend using PLAIN|LOGIN to authenticate.

As SASL (on my RH 7.3 system) has pam in plain|login, it seems possible to 
configure a /usr/lib/sasl/slapd.conf to contain pwcheck_method: pam and 
then have a /etc/pam.d/ldap??? containing relevant lines.

essentially, is it possible to have ldap behave much like authenticated 
smtp does using the sasl library?

if i query my openldap server for 

ldapsearch -x -H ldaps:// -b "" -s base supportedSASLMechanisms

I get

supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS

Has anyone done this? is it possible?


Tom Ryan                                            Voice: 856-225-6361
Consulting System Administrator                       Fax: 856-969-7900
Rutgers School of Law - Camden