RE: OpenLDAP and Cyrus SASL

You asked essentially the same question not more than 24 hours ago. The
answer today is the same as it was yesterday.

Read the Admin Guide. http://www.openldap.org/doc/admin21/

sasl-regexp is only provided in OpenLDAP 2.1. Cyrus SASL 2.1 is only
supported in OpenLDAP 2.1. Your OpenLDAP 2.0.23 will not work with Cyrus SASL
2.1. Cyrus SASL 2.1.2 is too buggy to use regardless; most of the mechs crash
right away.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> Karl Lattimer
> Sent: Monday, March 03, 2003 4:18 AM
> To: OpenLDAP-software@OpenLDAP.org
> Subject: OpenLDAP and Cyrus SASL
>
> When using SASL with OpenLDAP do I need to add an entry into the LDAP
> directory specifically for authentication?
>
> I am of the understanding that I don't, instead I use a login name on the
> LDAP server like
> uid=someuser,cn=DIGEST-MD5,cn=auth
>
> With the SASL-regexp directive set as
> sasl-regexp
>         uid=(.*),cn=.*,cn=auth
>         uid=$1,ou=People,o=myorganisation
>
> I'm a little confused as to how these plug together so please help!
>
> If this isn't the case could someone tell me what I need to do to get users
> authenticating against SASL?
> i.e. what I should put in an LDIF file to add to the LDAP server
>
> I would also like to know if I can store the manager password in SASL?
>
> Also what access controls could I use so anyone in the sales ou could write
> to that ou and read from all others, but users who haven't authenticated
> can't read anything?
>
> Thanks in advance
>         Karl
>
> Extra information
> -----------------
> openldap-2.0.23-4 (is linked against SASL)
> 	ldbm database
> cyrus-sasl-2.1.2-1
> OS: redhat 7.3
> also using SASL for Cyrus IMAPd and in the future SMTP auth.
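
Added example, not part of the original thread and not OpenLDAP code: a small Python model of the sasl-regexp rewrite quoted in the question, comparing the posted pattern with a tighter one on a plain and a realm-qualified authentication DN. It assumes slapd matches case-insensitively and replaces the whole DN with the expanded replacement string; RULE_TIGHT, map_sasl_dn and the sample DNs are constructed for illustration.

```python
import re

# Rule exactly as quoted in the question (match pattern, replacement).
RULE_AS_POSTED = (r"uid=(.*),cn=.*,cn=auth",
                  "uid=$1,ou=People,o=myorganisation")

# Constructed alternative: anchored, one RDN per field, optional realm RDN.
RULE_TIGHT = (r"^uid=([^,]*)(,cn=[^,]*)?,cn=[^,]*,cn=auth$",
              "uid=$1,ou=People,o=myorganisation")


def map_sasl_dn(auth_dn, rule):
    """Model of the rewrite: return the directory DN, or None if no match."""
    pattern, replacement = rule
    # Assumption: case-insensitive match, as slapd normalises mechanism names.
    m = re.search(pattern, auth_dn, re.IGNORECASE)
    if m is None:
        return None
    # Expand $1..$9 in the replacement with the captured groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "",
                  replacement)


# Constructed sample authentication DNs.
PLAIN = "uid=someuser,cn=digest-md5,cn=auth"
WITH_REALM = "uid=someuser,cn=example.com,cn=digest-md5,cn=auth"

if __name__ == "__main__":
    for dn in (PLAIN, WITH_REALM):
        print(dn)
        print("  as posted:", map_sasl_dn(dn, RULE_AS_POSTED))
        print("  tight:    ", map_sasl_dn(dn, RULE_TIGHT))
```

With the posted pattern, the greedy (.*) swallows the realm RDN, so the realm-qualified DN maps to an entry that does not exist under ou=People; the tight pattern maps both forms to the same user entry.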