[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Administrator's Guide needs sasl-host sasl-realm (ITS#2313)
Perhaps you could be more specific about which SASL mechanisms you've used
that require this extra configuration. I routinely use GSSAPI and DIGEST-MD5
and have never needed to specify sasl-host or sasl-realm in slapd.conf. I
also use EXTERNAL with TLS which, of course, does not require any additional
configuration.
In my experience, the default value of sasl-realm is correct and sasl-host is
irrelevant. If your experience differs, I believe the problem lies in your
SASL installation. And while we may view the Admin Guide as a primer to
setting up OpenLDAP, it is not appropriate to turn it into a primer on how to
set up and configure SASL. There are other resources for that.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of sfrost@snowman.net
> --14PCYtZiSn5RZRtk
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> * brian.derocher@mitretek.org (brian.derocher@mitretek.org) wrote:
> > The point is that sasl-host and sasl-realm are required for
> strong=20
> > authentication and this warrants their mentioning in the
> Admin Guide. At=
> =20
> > least for me, setting these options changed my installation
> from not work=
> ing=20
> > to working and resolved two days of hassle.
>
> Same here wrt fighting with things to get SASL to work. No idea why,
> but setting sasl-realm primairly seems to be necessary for things to
> work as I expect. Of course, I'm still fighting the All-whitespace
> username game with SASL and the ldap clients atm.
>
> Stephen
>
> --14PCYtZiSn5RZRtk
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+U9HprzgMPqB3kigRAqvxAJ9xODbTylp86SMY2Eyk8Ep7n8C14gCfWX12
> ifxsqKxpvMANul3TdQ//TiA=
> =tFOj
> -----END PGP SIGNATURE-----
>
> --14PCYtZiSn5RZRtk--
>
>
>