
Understanding the need for different auth methods in OpenLDAP

I need some help understanding the auth methods in OpenLDAP. I am using
2.1.29 on FreeBSD 5.2.1. I understand the concept of SASL, but if we are
not going to use Kerberos or sasldb for authentication at this point,
would it be necessary to prepare OpenLDAP for SASL? Or is it not a good
thing to use the simple binding to OpenLDAP? Right now, we have plans
for using OpenLDAP to authenticate Cyrus-IMAPD and use SASL with the '-a
ldap' option. If saslauthd is using LDAP, there is no need for SASL auth
setup in OpenLDAP, correct?

We do have plans to use Heimdal KerberosV, but have decided to wait
since we are having issues getting it to store principals in LDAP. Due
to time limitations, we need to have the IMAP server up very soon, and
we figure to mess around with that on another server later and migrate
to Heimdal once all is working well. Is this going to present a problem
for us? We are even still debating on how easy it will be to manage
passwords in Heimdal versus OpenLDAP. Why not keep everything in
OpenLDAP with good ACLs applied to secure all?