
Re: SASL MD5 - another try


Alexander Lunyov <lan_mailing@startatom.ru> writes:

> Hello Dieter,
> Wednesday, July 16, 2003, 6:11:26 PM, you wrote:
> DK> Hi,
> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>>> Hello openldap-software,
>>>   I still don't get it. Let's play it step by step.
>>>   1. Install Cyrus-SASL 2.1.13 with default options in configure
>>> (not me, it's a port in FreeBSD).
>>>   2. Install OpenLDAP 2.1.21 with --enable-sasl option in configure
>>> (also a port).
>>>   3. Configure slapd.conf and add proper sasl-regexp option.
>>>   4. Get LDAP database filled.
>>>   5. Then I'm trying to bind to LDAP with -Y DIGEST-MD5 and the
>>> result is the same as before - logs are growing fast with "daemon:
>>> select timeout - yielding" entry. And that's all.
>>>   I'm dreaming of getting some error that you people have - but I've
>>> got only that "select timeout" and nobody seems to know what is
>>> happening.
>>>   The questions are:
>>>   1. Does SASL really work with LDAP (stupid question? I don't think
>>> so)?
>>>   2. Do I need to config SASL in some way?
>>>   3. Do I need to compile the ldapdb auxprop plugin for SASL?
>>>   4. Can anyone, if you have SASL & LDAP working together, write some
>>> small step-by-step howto?
> DK> You have to add users and password to sasldb.
> DK> saslpasswd2 -a ldap -u <sasl-realm> -c <user>
>     Huh? What for? According to
>     http://www.openldap.org/doc/admin21/sasl.html
>     Secret passwords are normally stored in Cyrus SASL's own sasldb
>     database, but if OpenLDAP has been compiled with Cyrus SASL 2.1 it
>     is possible to store the secrets in the LDAP database itself.
>     That's what all this mess with SASL is for. I need users and their
>     passwords stored in LDAP (that's what I already have) and now I
>     want DIGEST-MD5 authentication for some services (such as
>     Cyrus-IMAPD).

That is correct in principle :-)
If you store your userids and passwords in a directory instead of
sasldb you have to configure sasl and your application (imapd) to look
up the directory. But that is a sasl issue and not an openldap topic.


Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de