Re: ldapsearch and sasl
James Wilde wrote:
> I thought my sasl lines in slapd.conf were intended to translate the dn
> to sasl format and the sasl user Manager@glocalnet.net exists in the
> sasldb2 database, together with the same password. But it is of course
> the other way round, that sasl converts user names to the dn and looks
> for their password in the ldap directory.

SASL only knows about usernames. OpenLDAP / slapd converts user names
into DNs and looks them up. It will also use regular usernames in
sasldb2 if they exist, but that's not the preferred method.

> I have been - and probably still am - a bit confused as to the role of
> sasl in all this. I have been assuming that the sole role of sasl is to
> encrypt the communication between client and server. I'm not at all
> clear as to how many of my users I have to have in the sasl database,
> but at the moment I only have Manager@glocalnet.net, that is the
> equivalent of the rootdn in ldap.

The primary purpose of SASL is to perform authentication. Encryption is
an optional feature, and is only supported by a subset of SASL mechanisms.

> I don't know why the creators of openldap moved to sasl instead of
> staying with tls/ssl. Maybe someone can explain this.

There was no "moved to instead of" to speak of. TLS/SSL are supported
for encryption. SASL is supported for strong authentication. They are
fairly complementary and both may be used concurrently.

-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
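
Added example (not part of the original message, and not OpenLDAP code): a small Python model of the username-to-DN conversion described in the reply. slapd first forms an internal DN of the shape uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth and then applies the regexp rules from slapd.conf (authz-regexp, called sasl-regexp in older releases). The suffix dc=glocalnet,dc=net, the ou=people branch and both rules are assumptions made for illustration.

```python
import re

def sasl_auth_dn(username, mechanism, realm=None):
    """Build the internal DN slapd forms for a SASL identity.

    Shape: uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth
    Lower-casing stands in for slapd's DN normalisation (a simplification).
    """
    parts = ["uid=" + username]
    if realm:                      # the realm component is omitted when absent
        parts.append("cn=" + realm)
    parts += ["cn=" + mechanism, "cn=auth"]
    return ",".join(parts).lower()

# Constructed rules in the "match pattern -> replacement" shape of
# authz-regexp. The directory names on the right are assumed, not taken
# from the thread.
RULES = [
    (r"^uid=manager,cn=glocalnet\.net,cn=[^,]+,cn=auth$",
     "cn=Manager,dc=glocalnet,dc=net"),
    (r"^uid=([^,]+),cn=glocalnet\.net,cn=[^,]+,cn=auth$",
     "uid=$1,ou=people,dc=glocalnet,dc=net"),
]

def map_to_directory_dn(auth_dn, rules=RULES):
    """Apply the rules in order; the first match wins, $N comes from group N."""
    for pattern, replacement in rules:
        m = re.match(pattern, auth_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)",
                          lambda ref: m.group(int(ref.group(1))),
                          replacement)
    return auth_dn  # no rule matched: the identity stays under cn=auth

if __name__ == "__main__":
    for user, realm in [("Manager", "glocalnet.net"),
                        ("james", "glocalnet.net"),
                        ("james", None)]:
        dn = sasl_auth_dn(user, "DIGEST-MD5", realm)
        print(dn, "->", map_to_directory_dn(dn))
```

An identity that no rule maps keeps its cn=auth DN, so it corresponds to no entry in the directory; that is the case to look for when a SASL bind succeeds against sasldb2 but the resulting identity does not match the intended entry.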