[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP authenticaton against PAM how-to

To: openldap-software@openldap.org
Subject: Re: LDAP authenticaton against PAM how-to
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Wed, 14 Feb 2007 21:09:26 +0100
In-reply-to: <1ht8qpk.kmgn6f14rcwt4M%manu@netbsd.org>
User-agent: MacSOUP/2.7 (unregistered)

Emmanuel Dreyfus <manu@netbsd.org> wrote:

> 4.3 Populate the directory, make sure that user
> cn=jdoe,dc=example,dc=net has this:
> userPassword: {SASL}jdoe

For some reason I don't understand, slapd will cut the shortest @
suffix. That's a problem if one want to use SASL to reach a RADIUS
authentication with huntgroup.

For instance
userPassword: {SASL}jdoe@huntgroup
will cause the user to be "jdoe" instead of "jdoe@huntgroup".

The fix: add a trailing @:
userPassword: {SASL}jdoe@huntgroup@
the user will be "jdoe@huntgroup".

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

References:
- LDAP authenticaton against PAM how-to
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: ACIs and OL 2.3, rfc ?
Next by Date: objectClass in entry attribute order
Index(es):
- Chronological
- Thread