[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and SASL

To: openldap-software@openldap.org
Subject: Re: OpenLDAP and SASL
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Fri, 04 Sep 2009 14:49:27 +0200
In-reply-to: <4A9FF58C.5040505@gmail.com> (Jittinan Suwanrueangsri's message of "Thu, 03 Sep 2009 23:57:48 +0700")
References: <4A9FF58C.5040505@gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Jittinan Suwanrueangsri <jittinan2@gmail.com> writes:

> Hi
>
> I have seen configuration which sasl get password from sasldb .I must
> run saslpasswd2 to create user and password for authentication but Is
> it possible to configure openldap and sasl verify authentication by
> getting password from openldap self like it happen in simple
> binding(userPassword attribute).How can I do it?

There is nothing special to do. ldapsearch -Y DIGEST-MD5 -U foo -w
secret -H ldap://myhost -b dc=example,dc=com ...
All you have to do is to set the userPassword value as plaintext,
otherwise the challenge cannot be created. If you want to parse the
sasl authentication string to a DN, than you have to define a
authz-regexp in in slapd.conf(5) and the user has to have a uid
attribute.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: OpenLDAP and SASL
  - From: Jittinan Suwanrueangsri <jittinan2@gmail.com>

References:
- OpenLDAP and SASL
  - From: Jittinan Suwanrueangsri <jittinan2@gmail.com>

Prev by Date: Re: ACL problem in slapd.conf
Next by Date: Re: ACL problem in slapd.conf
Index(es):
- Chronological
- Thread