Re: openldap + sasl + plain|login + pam

Sorry to post so quickly again, but this is working now for me.

By putting just sasl-secprops none in slapd.conf, setting up 
/usr/lib/sasl/slapd.conf and /etc/pam.d/ldap, and changing ldap.conf 
to include SASL_SECPROPS none, I can now authenticate using PAM.

Hope this helps someone else!


On Wed, 10 Jul 2002, Tom Ryan wrote:

> It seems from reading various FAQs and documentation that it is possible to 
> configure my openldap server to authenticate users binding to it with 
> SASL as the backend using PLAIN|LOGIN to authenticate.
> As SASL (on my RH 7.3 system) has PAM in plain|login, it seems possible to 
> configure a /usr/lib/sasl/slapd.conf to contain pwcheck_method: pam and 
> then have a /etc/pam.d/ldap??? containing relevant lines.
> Essentially, is it possible to have ldap behave much like authenticated 
> smtp does using the sasl library?
> If I query my openldap server for 
> ldapsearch -x -H ldaps:// -b "" -s base supportedSASLMechanisms
> I get
> supportedSASLMechanisms: PLAIN
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: ANONYMOUS
> Has anyone done this? Is it possible?
> Tom
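
The four files named in the reply, laid out as an added example that is not part of either message. Only the sasl-secprops, SASL_SECPROPS and pwcheck_method settings come from the thread; the PAM module lines are assumptions.

```conf
# Constructed example. Each section below is a separate file.

# --- slapd.conf (OpenLDAP server) ---
# OpenLDAP's default security properties are "noanonymous,noplain",
# which refuses the PLAIN and LOGIN mechanisms. "none" clears every
# flag, as described in the reply:
sasl-secprops none
# Narrower alternative (not from the thread): still permits PLAIN and
# LOGIN but keeps ANONYMOUS refused.
# sasl-secprops noanonymous

# --- /usr/lib/sasl/slapd.conf (Cyrus SASL settings for slapd) ---
# Hand plaintext password verification to PAM.
pwcheck_method: pam

# --- /etc/pam.d/ldap (PAM service file) ---
# Assumed module stack; substitute whatever the host uses for logins.
auth     required  pam_unix.so
account  required  pam_unix.so

# --- ldap.conf (OpenLDAP client) ---
# Client-side counterpart, so the client library will offer PLAIN/LOGIN.
SASL_SECPROPS none
```

PLAIN and LOGIN carry the password without any SASL-level protection, so these settings belong on connections that are already encrypted, such as the ldaps:// URL used in the original query.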

