[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP + Kerberos not allowing simple binds

Robert wrote:

"Jose Gonzalez Gomez" <jgonzalez@opentechnet.com> wrote in message

{KERBEROS} is deprecated (I think). In order to use {SASL} you must
compile OpenLDAP with a special option (--with-spasswd??). Have you done

Yes, openldap was built with --with-spasswd. Anything else I need to do to either openldap or cyrus-sasl?


I should check with my installation (I won't be able to do that until monday, probably) but I think you need a file in /etc/sasl2/slapd.conf (or something similar) indicating the mechanism to use... if you use Kerberos you could probably use saslauthd as the mechanism and then set saslauthd to check passwords against Kerberos (saslauthd -a kerberos)... check this by yourself, as I'm typing without looking at the docs, and my memory is horrible.

   Best regards