[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: external authentication in openldap




>>i am trying to set up an openldap (or netscape ldap) server , that
>>holds the  user data, but not the passwords. the authentication should
>>actually be done  by a third party, but transparent to the applications
>>that use the ldap  server to authenticate.

Use want to use SASL authentication and then set up SASL to do
authentication via a pwcheck daemon in an arbitrary way. pwcheck daemons
exist which can authentication via sasldb, sql, or another ldap. for
information on this, see the cyrus projects  http://asg.web.cmu.edu/cyrus/
which use sasl extensively. I'm afraid I can't tell you how to get
OpenLDAP to use sasl authentication, though; I've never done it and there
doesn't seem to be a lot of information out there.