[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP authenticaton against PAM how-to

To: Emmanuel Dreyfus <manu@netbsd.org>
Subject: Re: LDAP authenticaton against PAM how-to
From: Howard Chu <hyc@symas.com>
Date: Sat, 10 Feb 2007 04:15:29 -0800
Cc: openldap-software@openldap.org
In-reply-to: <1htb55n.9ywgoalvf79cM%manu@netbsd.org>
References: <1htb55n.9ywgoalvf79cM%manu@netbsd.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060911 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

Emmanuel Dreyfus wrote:

I could not even find a place where it is said that userPassword should be {SASL} followed by the login.
The use of this mechanism is not recommended. We don't document deprecated
mechanisms.
Then what is the recommended method? I did not find that information.
What should go in that field?


Of course you could always have checked the FAQ.
http://www.openldap.org/faq/data/cache/944.html

[ACL log output is meaningless]

That was not a flame, just a statement of fact. The same as if the messages
were written in Greek and you didn't know how to read Greek. If you don't
know the language, you're in no position to judge if it is meaningful or not.


Except that I can go to the bookstore and buy a book to learn greek. I'm
not aware of any document explaining how to understand what goes wrong
in slapd ACL.

You're clearly not aware of a lot. As other posters have already indicated, there's plenty of information out there, and a search on simple keywords like "SASL" and "userpassword" would have been all that was necessary to find the answers in this case.

Your failure to find answers doesn't prove that they don't exist. (Obviously - it's impossible to prove nonexistence of a thing.) If you had asked first, someone might have pointed you in the right direction and saved you a lot of effort.

Show us your ACL configuration, a sample operation, and the logs that are
produced.


Now it works, so there is no more problem to solve, but you'll jave the
opportunity to show me I'm wrong and tell me where is the relevant
information on the next ACL probem I'll encounter.

My statement above was an offer to help explain anything you might want explained. Frankly I have better things to do with my time than try to teach people who are so unwilling to learn. But yes, if you post "Here's how to do X" and I see that there's something wrong, I will say it's wrong. If you're actually interested in learning how to use the software, you'll pay attention. If you're just looking for a gold star and a pat on the head, go back to kindergarten.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

Follow-Ups:
- Re: LDAP authenticaton against PAM how-to
  - From: manu@netbsd.org (Emmanuel Dreyfus)
- Re: LDAP authenticaton against PAM how-to
  - From: TechnoSophos <technosophos@gmail.com>

References:
- Re: LDAP authenticaton against PAM how-to
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Ldap authenticate group members
Next by Date: Re: LDAP authenticaton against PAM how-to
Index(es):
- Chronological
- Thread