
SASL tips worth adding to documentation?



Hi!
I've been playing with SASL auth in OpenLDAP 2.1.

Basically, the documentation page on
<http://www.openldap.org/doc/admin21/sasl.html> lacks most info needed
to get SASL working in almost any setup...

E.g. it's not mentioned anywhere that one needs to give unauthenticated
users read permissions to the supportedSASLMechanisms attribute, or else
some clients (even those shipped with OpenLDAP!) won't be able to get
the list of supported mechs and terminate with an error before even
trying to authenticate!

So one needs something like this:

access to attrs=supportedSASLMechanisms
 by peername=192\.168\.0\..* read

to enable this for machines on the local network 192.168.0.0/24.


The documentation page also lacks a description of the SASL-related directives (which are documented in the slapd.conf manpage, but weakly).

So I propose that anybody who reads this share his/her tips related to
SASL in OpenLDAP and then we'll submit collected info for inclusion in
the admin guide at <http://www.openldap.org/doc/admin21/sasl.html>.

Best regards,
--
 Aleksander Adamowski
   Jabber JID (this is not an e-mail address!): olo@jabber.altkom.pl
   GG#: 274614
   ICQ UIN: 19780575
   http://olo.office.altkom.com.pl
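
A way to confirm that an ACL like the one in the post has taken effect, as an added example that is not part of the original message: query the root DSE anonymously and check that supportedSASLMechanisms comes back. The function names, the sample LDIF and the host ldap.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an anonymous client can read
# supportedSASLMechanisms from the root DSE.

# Anonymous simple bind against the root DSE (empty base, base scope).
# The attribute is operational, so it must be requested by name.
# $1 is the server URI, e.g. ldap://ldap.example.com (placeholder host).
query_root_dse() {
    ldapsearch -x -LLL -H "$1" -b "" -s base supportedSASLMechanisms
}

# Read ldapsearch LDIF on stdin, print one mechanism name per line.
# Attribute names are case-insensitive, so compare in lower case.
parse_mechs() {
    awk -F': ' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# Print the mechanisms and return 0 if any are visible; return 1 if the
# list is empty, which is the state that makes SASL clients give up
# before they attempt to authenticate.
check_mechs() {
    mechs=$(parse_mechs)
    if [ -z "$mechs" ]; then
        echo "supportedSASLMechanisms not readable anonymously; check the ACL" >&2
        return 1
    fi
    printf '%s\n' "$mechs"
}

# Constructed sample: root DSE as seen when the ACL grants read access.
sample_visible() {
    printf 'dn:\nsupportedSASLMechanisms: DIGEST-MD5\nsupportedSASLMechanisms: GSSAPI\n\n'
}

# Constructed sample: entry returned with the attribute filtered out.
sample_hidden() {
    printf 'dn:\n\n'
}

# Offline demonstration on the constructed sample.
# Against a live server: query_root_dse ldap://ldap.example.com | check_mechs
sample_visible | check_mechs
```

Run the live form from a host inside and a host outside the permitted network to see both outcomes of the peername rule.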