
Re: whose responsibility



Thanks for your response!

But who is doing the communication with saslauthd, the slap daemon
process or the ldapsearch process?

Thanks once more!

On Sun, Jul 10, 2011 at 5:41 PM, Dan White <dwhite@olp.net> wrote:
> On 10/07/11 17:08 -0300, Friedrich Locke wrote:
>>
>> Hi,
>>
>> I have installed and configured openldap and so far, so good. But I
>> have a simple doubt.
>>
>> Up to now, all users I have added to the ldap server have a field:
>>
>> userPassword: {SASL}user@domain
>>
>> I am connecting to retrieve the entry attributes with the following
>> command:
>>
>> ldapsearch -x -w PASSWORD -D uid=user,ou=people,dc=my,dc=domain -b
>> uid=user,ou=people,dc=my,dc=domain
>>
>> And everything works ok.
>> My doubt is:
>>
>>       who is performing the password checking? The openldap server
>> daemon (slapd) or the ldapsearch?
>
> When userPassword is configured with '{SASL}user@domain', you are using
> SASL pass-through authentication. See section 14.5 (Pass-Through
> authentication) of the OpenLDAP Administrator's Guide for documentation.
>
> In such a scenario, authentication is ultimately handled by the libsasl2
> glue layer, and is controlled by the configuration of your sasl slapd.conf
> file, which is typically found in /usr/lib/sasl2/slapd.conf.
>
> Presumably you've configured pass-through authentication because of a need
> to authenticate against a saslauthd daemon (pwcheck_method: saslauthd).
>
> --
> Dan White
>
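
The pass-through flow described in the quoted reply, as an added example that is not part of the original thread and is not OpenLDAP or Cyrus SASL code: it models the server side of a simple bind against a `{SASL}user@domain` value and builds the request handed to saslauthd. The function names, the `fake_saslauthd` stand-in, the `ldap` service name and the empty realm field are assumptions for illustration; the directory entry is constructed from the values in the thread.

```python
import struct

def counted(text):
    """saslauthd framing: 2-byte network-order length, then the bytes."""
    raw = text.encode()
    return struct.pack("!H", len(raw)) + raw

def saslauthd_request(login, password, service="ldap", realm=""):
    """Request body: login, password, service, realm as counted strings."""
    return b"".join(counted(f) for f in (login, password, service, realm))

def saslauthd_ok(reply):
    """The reply is one counted string; success starts with 'OK'."""
    (n,) = struct.unpack_from("!H", reply, 0)
    return reply[2:2 + n].startswith(b"OK")

def server_side_bind(directory, bind_dn, password, ask_saslauthd):
    """Model of the server's handling of a simple bind (ldapsearch -x -D -w).

    The client only sends the DN and the password; the lookup of
    userPassword and the hand-off to saslauthd happen on the server.
    """
    stored = directory.get(bind_dn)
    if stored is None or not password:
        return False  # unknown DN, or an empty password (nothing to check)
    if stored.upper().startswith("{SASL}"):
        login = stored[len("{SASL}"):]  # e.g. user@domain
        return saslauthd_ok(ask_saslauthd(saslauthd_request(login, password)))
    return False  # other storage schemes are not modelled here

# Constructed sample entry, using the DN and value from the thread.
DIRECTORY = {"uid=user,ou=people,dc=my,dc=domain": "{SASL}user@domain"}

def fake_saslauthd(request):
    """Hypothetical stand-in for the daemon: decodes the four fields."""
    fields, off = [], 0
    while off < len(request):
        (n,) = struct.unpack_from("!H", request, off)
        fields.append(request[off + 2:off + 2 + n].decode())
        off += 2 + n
    ok = fields[:2] == ["user@domain", "PASSWORD"]
    return counted("OK" if ok else "NO")

if __name__ == "__main__":
    dn = "uid=user,ou=people,dc=my,dc=domain"
    print(server_side_bind(DIRECTORY, dn, "PASSWORD", fake_saslauthd))
```
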