[Date Prev][Date Next] [Chronological] [Thread] [Top]

Storing SASL secrets in the directory

Following hyc's message of 7th May, I am trying to get in-directory
storage of SASL secrets working. The environment is:

	Red Hat Linux 7.3
	OpenLDAP HEAD as of 11 July 2002
	Cyrus SASL 2.1.5

Basic SASL operation using sasldb works OK, as does plaintext
authentication without SASL. Mapping from SASL IDs to DNs is set up
using the LDAP URL method.

Now, trying to authenticate using SASL to an entry in the database
that has a plaintext userPassword, I have added the config file
/usr/lib/sasl2/slapd.conf :

	# SASL2 config file for slapd

	# Tell slapd to use itself for secret storage
	auxprop_plugin: slapd

This prevents sasldb users from authenticating so I know it has been
read! However, I cannot make it authenticate against secrets in the
directory. Logs do not show anything much of use - I do not even see
the search that converts SASL IDs to DNs.

A config example would be much appreciated.


|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|        Andrew.Findlay@skills-1st.co.uk       +44 1628 782565        |