[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Administrator's Guide needs sasl-host sasl-realm (ITS#2313)



Perhaps you could be more specific about which SASL mechanisms you've used
that require this extra configuration. I routinely use GSSAPI and DIGEST-MD5
and have never needed to specify sasl-host or sasl-realm in slapd.conf. I
also use EXTERNAL with TLS which, of course, does not require any additional
configuration.

In my experience, the default value of sasl-realm is correct and sasl-host is
irrelevant. If your experience differs, I believe the problem lies in your
SASL installation. And while we may view the Admin Guide as a primer to
setting up OpenLDAP, it is not appropriate to turn it into a primer on how to
set up and configure SASL. There are other resources for that.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of sfrost@snowman.net

> --14PCYtZiSn5RZRtk
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> * brian.derocher@mitretek.org (brian.derocher@mitretek.org) wrote:
> > The point is that sasl-host and sasl-realm are required for
> strong=20
> > authentication and this warrants their mentioning in the
> Admin Guide.  At=
> =20
> > least for me, setting these options changed my installation
> from not work=
> ing=20
> > to working and resolved two days of hassle.
>
> Same here wrt fighting with things to get SASL to work.  No idea why,
> but setting sasl-realm primairly seems to be necessary for things to
> work as I expect.  Of course, I'm still fighting the All-whitespace
> username game with SASL and the ldap clients atm.
>
> 	Stephen
>
> --14PCYtZiSn5RZRtk
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+U9HprzgMPqB3kigRAqvxAJ9xODbTylp86SMY2Eyk8Ep7n8C14gCfWX12
> ifxsqKxpvMANul3TdQ//TiA=
> =tFOj
> -----END PGP SIGNATURE-----
>
> --14PCYtZiSn5RZRtk--
>
>
>