[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP + Kerberos not allowing simple binds

To: Robert <Robertedstrom@yahoo.com>
Subject: Re: LDAP + Kerberos not allowing simple binds
From: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>
Date: Sat, 14 Aug 2004 18:06:33 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <cflbqr$dql$1@sea.gmane.org>
References: <cfjfh0$cal$1@sea.gmane.org> <411E29BE.6050002@opentechnet.com> <cflbqr$dql$1@sea.gmane.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040814

Robert wrote:

"Jose Gonzalez Gomez" <jgonzalez@opentechnet.com> wrote in message 411E29BE.6050002@opentechnet.com">news:411E29BE.6050002@opentechnet.com...

{KERBEROS} is deprecated (I think). In order to use {SASL} you must compile OpenLDAP with a special option (--with-spasswd??). Have you done that?
Yes, openldap was built with --with-spasswd.  Anything else I need to do to
either openldap or cyrus-sasl?
Thanks
Robert

I should check with my installation (I won't be able to do that until monday, probably) but I think you need a file in /etc/sasl2/slapd.conf (or something similar) indicating the mechanism to use... if you use Kerberos you could probably use saslauthd as the mechanism and then set saslauthd to check passwords against Kerberos (saslauthd -a kerberos)... check this by yourself, as I'm typing without looking at the docs, and my memory is horrible.

   Best regards
   Jose

Follow-Ups:
- Re: LDAP + Kerberos not allowing simple binds
  - From: "Robert" <Robertedstrom@yahoo.com>

References:
- LDAP + Kerberos not allowing simple binds
  - From: "Robert" <Robertedstrom@yahoo.com>
- Re: LDAP + Kerberos not allowing simple binds
  - From: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>
- Re: LDAP + Kerberos not allowing simple binds
  - From: "Robert" <Robertedstrom@yahoo.com>

Prev by Date: Re: LDAP + Kerberos not allowing simple binds
Next by Date: RE: Master replication server reliability
Index(es):
- Chronological
- Thread