On Mon, Feb 20, 2006 at 09:33:46AM -0500, Francis Swasey wrote:
> Folks,
>
> Having been bitten by someone installing a SASL mechanism on a server
> that also is one of my LDAP servers which was not configured (it
> happened to be Red Hat decided this mechanism is required to have
> sendmail on the system, but it could have been another sys admin).. I
> am wondering why we have to play with "sasl-secprops" to tell slapd what
> types of mechanisms are not wanted.
>
> Is there a problem with providing a "sasl-mechanisms" config option
> that would list (GSSAPI, CRAM-MD5, etc) the specific mechanisms we
> wanted to support?

That's a SASL configuration. Try creating this file:

/usr/lib/sasl2/slapd.conf

pwcheck_method: auxprop
mech_list: DIGEST-MD5 CRAM-MD5

List the SASL mechanisms you want slapd to offer. If you intend to offer
plain text mechanisms, then you will also have to use "sasl-secprops
none" in slapd.conf.
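
Added example (not part of the original message, and not OpenLDAP or Cyrus SASL project code): a small check that compares the mechanisms slapd advertises in its root DSE with the mech_list line shown above. The function names, the localhost URL in the comment and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the SASL mechanisms slapd advertises with mech_list.
# Against a live server the LDIF would come from (host is an assumption):
#   ldapsearch -x -LLL -H ldap://localhost -s base -b "" supportedSASLMechanisms

# Print the mechanisms named on the mech_list line of a SASL config, one per line.
allowed_mechs() {
    awk '/^[ \t]*mech_list:/ {
        sub(/^[ \t]*mech_list:[ \t]*/, "")
        for (i = 1; i <= NF; i++) print $i
    }' "$1"
}

# Print the supportedSASLMechanisms values found in a root DSE LDIF file.
advertised_mechs() {
    awk '$1 == "supportedSASLMechanisms:" { print $2 }' "$1"
}

# Print every advertised mechanism that mech_list does not name.
# $1: SASL config file, $2: root DSE LDIF file
unexpected_mechs() {
    allowed=$(allowed_mechs "$1")
    advertised_mechs "$2" | while read -r mech; do
        printf '%s\n' "$allowed" | grep -qxF -- "$mech" || printf '%s\n' "$mech"
    done
}

# Demo on constructed sample data (not captured from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/slapd.conf" <<'EOF'
pwcheck_method: auxprop
mech_list: DIGEST-MD5 CRAM-MD5
EOF
cat > "$demo_dir/rootdse.ldif" <<'EOF'
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
EOF
extra=$(unexpected_mechs "$demo_dir/slapd.conf" "$demo_dir/rootdse.ldif")
if [ -n "$extra" ]; then
    echo "advertised but not in mech_list: $extra"
else
    echo "advertised mechanisms match mech_list"
fi
rm -rf "$demo_dir"
```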