[Date Prev][Date Next]
Re: SASL authentication
fre, 2003-01-31 kl. 17:03 skrev Vincent FONTENEAU:
> I'm triing to configure an openldap database with SASL Digest-md5
> authentication. I've success in making openldap database with no SASL
> I'm little newbie in openldap and I'am triing to configure SASL for 1
> week now.
This is all Openldap 2.1.10, Cyrus SASL 2.1.10, Berkeley BDB 4.1.24:
> Is somebody know where I could find a good doc to configure openldap
> with SASL,
Cyrus SASL (2.1.10) docs, just follow them - if you've compiled and
installed it correctly and then compiled Openldap against it:
> i mean configure slapd.conf,
> ldif file
Same as for normal Openldap. All passwords for Openldap DIGEST-MD5 users
must be in cleartext in the DIT (userPassword).
Isn't necessary for Openldap.
> how to declare saslpasswd
No special saslpasswd
> do I need saslatuhd
You mean saslauthd. No, you don't
> and sasl.conf file ?
Not for Openldap, but running the Cyrus test program is fun, when you
get it to work. This is all in the Cyrus SASL documentation.
> I really don't know
> how to do.
Archives, for this mailing list, especially July 12/13 2002 with Howard
Chu's explanation and the esuing enlightenment for all.
> Even if i want to use slurpd with SASL how to do ?
No idea, haven't got that far and don't use SASL at the moment, anyway
(I use SSL/TLS and cleartext passwords, 'cos that's what my apps use).
I have this normal suffix in slapd.conf (it's not specially for
and for SASL DIGEST-MD5 in slapd.conf:
Looking for cn=Tom Smith, authenticating as tonye:
ldapsearch -Y DIGEST-MD5 -b -U tonye 'cn=tom smith'
The above obviously have to exist, but they're not special for SASL.
-U is the SASL authcid (*man ldapsearch*). You have the same rights as
your normal ACLs give you.
When all's said and done ...
there's nothing left to say or do.