[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and SASL

To: Aaron Richton <richton@nbcs.rutgers.edu>
Subject: Re: OpenLDAP and SASL
From: Howard Chu <hyc@symas.com>
Date: Fri, 04 Sep 2009 10:28:53 -0700
Cc: openldap-software@openldap.org, Jittinan Suwanrueangsri <jittinan2@gmail.com>
In-reply-to: <Pine.SOC.4.64.0909041225100.27748@toolbox.rutgers.edu>
References: <4A9FF58C.5040505@gmail.com> <Pine.SOC.4.64.0909041225100.27748@toolbox.rutgers.edu>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090819 SeaMonkey/2.0a1pre Firefox/3.0.3

Aaron Richton wrote:

On Thu, 3 Sep 2009, Jittinan Suwanrueangsri wrote:

I have seen configuration which sasl get password from sasldb .I must run
saslpasswd2 to create user and password for authentication but Is it possible
to configure openldap and sasl verify authentication by getting password from
openldap self like it happen in simple binding(userPassword attribute).How
can I do it?


It's not entirely clear to me, but you may be looking for --enable-spasswd
(configure argument) to allow {SASL} password scheme in the userPassword
attribute. Examples (mostly focusing around Kerberos, I believe) are in
the list archives and probably the FAQ-O-Matic.

No, that tells slapd to ask SASL to do a password check, typically usingsasldb. He wants to use in-directory SASL secrets, which is the opposite ofwhat you answered.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- OpenLDAP and SASL
  - From: Jittinan Suwanrueangsri <jittinan2@gmail.com>
- Re: OpenLDAP and SASL
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: Strange issue with replication in mirror mode
Next by Date: Re: Using SASL OTP
Index(es):
- Chronological
- Thread