[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP authenticaton against PAM how-to

Emmanuel Dreyfus <manu@netbsd.org> wrote:

> 4.3 Populate the directory, make sure that user
> cn=jdoe,dc=example,dc=net has this:
> userPassword: {SASL}jdoe

For some reason I don't understand, slapd will cut the shortest @
suffix. That's a problem if one want to use SASL to reach a RADIUS
authentication with huntgroup.

For instance
userPassword: {SASL}jdoe@huntgroup
will cause the user to be "jdoe" instead of "jdoe@huntgroup".

The fix: add a trailing @:
userPassword: {SASL}jdoe@huntgroup@
the user will be "jdoe@huntgroup".

Emmanuel Dreyfus