
Re: OpenLDAP with Unix Authentication



If you want to authenticate to an OpenLDAP server using your
Unix login/password, then you'll likely need to use the
SASL PLAIN mechanism.  The first step is to configure Cyrus
SASL so it uses the Unix login/password information (through
the saslauthd).  Questions in this area should be directed to
the Cyrus SASL list.  Once you have this working, SASL PLAIN
should just work with slapd(8).  Questions in this area can be
directed here.

If you want to use Unix passwords with LDAP simple bind
(DN/password), then you can either use the {SASL}user userPassword
values (to kick the authentication to SASL) or {UNIX}user (to
kick it to UNIX).

Kurt

At 06:22 AM 7/27/2006, Randall Hobbs wrote:
>Hi guys. I hope I'm asking this in the right place - if not, I apologize.
>What I am looking for is a quick how-to on setting up OpenLDAP with Unix
>type authentication. I have a company directory that I have started on, and
>I can query it with no problems. I want to be able to basically password
>protect that so that our users can use their Unix username and password to
>access the directory (I don't want just anybody accessing it, and I don't want to
>use simple authentication because I've taught our users how to change their
>passwords, etc., and I'd hate to make them keep track of another password
>when they could realistically work with just one). All of the how-to's seem
>to be opposite of what I'm looking for (using LDAP to authenticate users for
>Linux login, Postfix, etc., and not using PAM or SASL to authenticate users
>based on their Linux/Unix accounts).
>
>Of the documents I've found, none of them cover LOGIN or PLAIN type mech for
>SASL with OpenLDAP, so I've been trying to work through it on my own. I've
>had no luck yet. Any info would be appreciated.
>
>Thanks!
>
>--
>Randall Hobbs - IT Director
>The Reliant Innovation Group, LLC
>Cell: (850) 200-5661 / Office: (850) 502-4646
>
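
An added example, not part of the original thread: a small Python check that reads an LDIF export and reports which entries carry the {SASL}user or {UNIX}user userPassword forms named in the reply, meaning their simple-bind password is verified outside the directory. The sample LDIF, its DNs and user names, and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample export (DNs and user names are illustrative only).
# LDIF tools commonly emit userPassword base64-encoded ("userPassword::").
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword:: e1NBU0x9YWxpY2U=

dn: uid=build,ou=People,dc=example,dc=com
userPassword: {UNIX}build

dn: uid=local,ou=People,dc=example,dc=com
userPassword: {SSHA}constructed-placeholder-not-a-real-hash
"""

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)
DELEGATED = {"SASL", "UNIX"}  # the two forms named in the reply above

def parse_ldif(text):
    """Yield (dn, attrs) per entry, handling line folding and base64 values."""
    unfolded = text.replace("\n ", "")  # RFC 2849 continuation lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text):
    """Return (dn, scheme, delegated_user) for every userPassword value."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for value in attrs.get("userpassword", []):
            m = SCHEME_RE.match(value)
            scheme = m.group(1).upper() if m else "CLEARTEXT"
            user = m.group(2) if scheme in DELEGATED else None
            findings.append((dn, scheme, user))
    return findings

if __name__ == "__main__":
    for dn, scheme, user in audit(SAMPLE_LDIF):
        print(f"{dn}: {scheme}" + (f" -> external user {user}" if user else ""))
```

Entries reported as SASL or UNIX depend on the external password source being reachable and correctly configured, so they are the ones to review when that source changes.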