[Date Prev][Date Next]
Re: SASL MD5 - another try
Alexander Lunyov <firstname.lastname@example.org> writes:
> Hello Dieter,
> Wednesday, July 16, 2003, 6:11:26 PM, you wrote:
> DK> Hi,
> DK> Alexander Lunyov <email@example.com> writes:
>>> Hello openldap-software,
>>> I'm still don't get it. Let's play it step by step.
>>> 1. Install Cyrus-SASL 2.1.13 with default options in configure
>>> (not me, it's port in FreeBSD). 2. Install OpenLDAP 2.1.21 with
>>> --enable-sasl option in configure (also port). 3. Configure
>>> slapd.conf and add proper sasl-regexp option. 4. Get LDAP database
>>> filled. 5. Then i'm trying to bind to LDAP with -Y DIGEST-MD5 and
>>> result same as before - logs are growing fast with "daemon: select
>>> timeout - yielding" entry. And that's all.
>>> I dreaming to get some error that you people have - but i've got
>>> only that "select timeout" and nobody seems to know what is
>>> The questions are:
>>> 1. Is SASL really works with LDAP (stupid question? i don't think
>>> so)? 2. Do i need to config SASL in some way? 3. Do i need to
>>> compile ldapdb auxprop plugin for SASL? 4. Can anyone if you have
>>> SASL & LDAP working together write some small step by step howto?
> DK> You have to add users and password to sasldb. saslpasswd2 -a ldap
> DK> -u <sasl-realm> -c <user>
> Huh? What for? According to
> Secret passwords are normally stored in Cyrus SASL's own sasldb
> database, but if
> OpenLDAP has been compiled with Cyrus SASL 2.1 it is possible to
> store the
> secrets in the LDAP database itself.
> That's what all this mess with SASL for. I need users and their
> passwords stored in LDAP (that's what i already have) and now i
> want DIGEST-MD5 authentication for some services (such
That is correct in principle :-)
If you store your userid's and passwords in a directory instead of
sasldb you have to configure sasl and your application (imapd) to look
up the directory. But that is a sasl issue and not an openldap topic.
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521