[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd circularity?

Ryan Lovett wrote:
 I'm having trouble strong-binding Mac clients to an OpenLDAP server and I
think its due to my confusion about the SASL configuration. I'm seeing the

slap_ap_lookup: str2ad(cmusaslsecretCRAM-MD5): attribute type undefined

This message is harmless.

in the slapd output. It looks like slapd is being querried for the
cmusaslsecretCRAM-MD5 attribute while I want slapd to use the userPassword
attribute where I've stored CRYPT passwords. (from an NIS conversion)

SASL strong authentication mechanisms require access to a plaintext password. Crypt will not work.

 For this to happen, do I configure SASL via /usr/lib/sasl2/slapd.conf to
use an ldapdb storage?

No. The ldapdb docs explicitly say never to do this. slapd has its own SASL auxprop mechanism built in and doesn't need anything else.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/