userPassword: Can it store SASL and unix/NSS_LDAP secrets?
- To: openldap-software@OpenLDAP.org
- Subject: userPassword: Can it store SASL and unix/NSS_LDAP secrets?
- From: Richard CHAN Shih-Ping <email@example.com>
- Date: Fri, 29 Nov 2002 09:36:55 +0800
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021128
I'm trying to make my directory a one-stop shop for all authentication.
Is it possible for the LDAP directory to manage SASL secrets for access
to the directory and a separate password for access to UNIX systems using
nsswitch NSS_LDAP?
Hope you can clarify my understanding of in-directory SASL secrets; it goes
something like this (please please jump in and correct me):
For UNIX logons you need like
and configure nsswitch.conf to use nss_ldap for logon.
This gets reused for LDAP simple auth and SASL plain, right?
(Can you tell them to use another attribute if I don't want to
overload this attr?)
(BTW OpenLDAP provides a callback to SASL2 so that the PLAIN
mechanism always checks in-directory secrets; this confused me
because it wouldn't use sasldb2. Right? What's even more confusing
is that the DIGEST-MD5 mechanism doesn't use the callback and needs
further configuring. I respectfully suggest that the admin guide on SASL
needs to include lots of examples of /etc/openldap/slapd.conf.)
For in-directory SASL secrets you need
[Is this correct? The documentation is not very clear here]
and in the directory itself
So is it possible to manage *both* secrets at the same time?
userPassword_for_UNIX and a