Re: OpenLDAP & Cyrus-SASL: how to specify mech_list
Timo Felbinger <firstname.lastname@example.org> writes:
> what is the correct way to specify the list of allowed SASL mechanisms,
> in an OpenLDAP-server using Cyrus-SASL?
> The cyrus-sasl documentation mentions the option mech_list, but I cannot
> figure out where and how to specify this. Following some examples I found
> on the net, I tried to include e.g.
> sasl-mech_list: PLAIN
> into my slapd.conf, which I hoped would disable all SASL mechanisms but
> PLAIN, but it didn't have any effect: the server still allowed me to
> authenticate using e.g. EXTERNAL authentication.
There is no configuration option to declare valid SASL mechanisms;
slapd will happily accept all available mechanisms. PLAIN is disabled
except when used with a secure transport layer and on a local socket;
the same applies to EXTERNAL.
> I also tried to specify mech_list in a separate per-application config
> file for the sasl library,
> but this file does not even get accessed by the server.
> What am I missing here?
Reading the admin guide?
> And: is there a way to obtain from the server a complete list of
> authentication mechanisms which it is willing to accept?
ldapsearch -x -H ldap://your.host -b "" -s base \
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
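
An added example, not part of the original thread: one way to audit which SASL mechanisms a server advertises, by reading the standard root DSE attribute supportedSASLMechanisms and flagging anything outside an allow-list. The function names, the allow-list and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the SASL mechanisms advertised in a server's root DSE.
# Against a live server, pipe in the LDIF printed by:
#   ldapsearch -x -LLL -H ldap://your.host -b "" -s base supportedSASLMechanisms

# Constructed sample of root DSE output, so the script runs offline.
sample_rootdse() {
    cat <<'EOF'
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: CRAM-MD5
EOF
}

# Read LDIF on stdin, print each advertised mechanism once, sorted.
# Attribute names are matched case-insensitively; trailing CR/space is dropped.
list_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        sub(/[ \t\r]+$/, "", $2); if ($2 != "") print $2
    }' | sort -u
}

# Read mechanism names on stdin (one per line) and compare them with the
# space-separated allow-list in $1. Prints the names that are not allowed
# and returns 1 if there are any; returns 0 if everything is allowed.
unexpected_mechs() {
    allowed=" $1 "
    bad=""
    while IFS= read -r mech; do
        case "$allowed" in
            *" $mech "*) ;;                       # on the allow-list
            *) bad="${bad}${bad:+ }$mech" ;;      # advertised but not wanted
        esac
    done
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demo on the constructed sample with a hypothetical allow-list.
sample_rootdse | list_mechs | unexpected_mechs "EXTERNAL PLAIN" \
    || echo "^ advertised but not on the allow-list"
```

The root DSE shows what the server offers to the connection that asked, so the check should be run over each transport in use (plain, TLS, local socket).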