
Re: >Proxy Just Binds/Authentications from another LDAP?



Don Hoover wrote:
Well, I have been working on this question and have had an idea.


Would a way to accomplish this be by using SASL? It took me about 10 minutes
to figure out how to configure saslauthd to verify binds to the other LDAP server.

OpenLDAP can use SASL, right? So I just need to get slapd to use SASL to
verify the binds to the other external LDAP server.


So I would have:
ldapclient bind request->  openldap slapd ->  SASL->  external ldap server bind

Is this a good idea?

It would work. Whether it's a good idea or not... The mailing list archives are already full of discussions on that topic, no point in repeating.

I don't see how to make slapd use the SASL server for this though, the
only examples I can find are to use Kerberos.

Any ideas on how to get slapd to just use SASL like I have it set up?

You have to configure OpenLDAP with --enable-spasswd. And then you have to actually set the proper values in each user's userPassword.

You should also look into the ITS contributions.

http://www.openldap.org/its/index.cgi/Contrib?id=5042
http://www.openldap.org/its/index.cgi/Contrib?id=5856

They still need some cleaning up, which is why they have not been pushed into CVS yet.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
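
The reply above says each user's userPassword must be set once slapd is built with --enable-spasswd; the value that delegates the check to SASL uses OpenLDAP's `{SASL}username@realm` scheme. As an added example (not part of the original thread or of OpenLDAP itself), this Python script builds the ldapmodify records for that change; the realm `EXAMPLE.COM`, the sample LDIF and the function names are assumptions.

```python
import base64

# Constructed sample export (not from the original thread): three entries as
# ldapsearch might return them, one already switched to pass-through.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
userPassword: {SASL}bob@EXAMPLE.COM

dn: cn=printer,ou=devices,dc=example,dc=com
cn: printer
"""

def parse_entries(ldif):
    """Split LDIF text into dicts of attr -> value, decoding base64 ('::') values."""
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>' form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[attr.lower()] = value.strip()
        yield entry

def passthrough_changes(ldif, realm):
    """Return ldapmodify records that replace userPassword with {SASL}uid@realm."""
    records = []
    for e in parse_entries(ldif):
        uid, current = e.get("uid"), e.get("userpassword", "")
        if not uid or current.upper().startswith("{SASL}"):
            continue  # no login name to delegate, or already pass-through
        records.append(
            f"dn: {e['dn']}\nchangetype: modify\n"
            f"replace: userPassword\nuserPassword: {{SASL}}{uid}@{realm}\n"
        )
    return records

if __name__ == "__main__":
    print("\n".join(passthrough_changes(SAMPLE_LDIF, "EXAMPLE.COM")))
```

Review the generated records before feeding them to ldapmodify: the replace drops the locally stored hash, so after the change those accounts can bind only while saslauthd and the external server are reachable.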