[Date Prev][Date Next]
Re: DIGEST-MD5 and CRAM-MD5 again.
Igor Karpov <firstname.lastname@example.org> writes:
> Alright, I have LDAP auth (for this time, cyrus->saslauthd->openldap)
> working with PLAIN and LOGIN. For I'm using TLS between MUAs and cyrus
> it would be enough, but I also want to add MD5-CRAM & MD5-DIGEST to
> Now I have to admit I'm stuck and need a help.
> It's a pity, but O'Reilly's "LDAP System Administration" becomes too
> laconic when it comes to SASL. The short example from this book
> describes Kerberos-based solution. I agree, it is useful for those
> who's running Kerberos, but completely useless for those who's not.
> Can anyone to show me what have to be changed to add this
Nothing has to be changed (in principle), but as my sasl realm is
different from host.domain.tld I added a sasl-realm directive in
> Should slapd.conf still include rootpw & rootdn? If not, how openldap
> decides who have right to perform different actions on its tree -
> basing on ACLs?
you can keep rootdn and rootpw in an entry and have them removed from
> I'm sorry I'm asking too many questions in one letter, but I feel I'm
> lost with this...
I presume you have cyrus-sasl compiled with ldap support, so your
directory contains all users and passwords, alternatively you have
created sasldb2 with users credentials. To make use of a sasl
mechanism you just pass this mechanism as parameter to an ldapclient
like ldapsearch, i.e.
ldapsearch -Y DIGEST-MD5 -b "your base"
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521