
Re: Documenting the usage of /usr/lib/sasl2/slapd.conf (ITS#3164)



I note that, in general, the Admin Guide should refer the
reader to Cyrus SASL and Kerberos documentation as needed
instead of attempting to detail configuration aspects
particular to those systems.

For the alternative keytab file issue (which, BTW, isn't
needed by default), I will add the sentence:
        See your Kerberos and Cyrus SASL documentation for
        information regarding keytab location settings.

to the GSSAPI subsection just after the existing sentence
mentioning the keytab file.

The pwcheck_method stuff you suggest makes no sense to me.

The mapping stuff is covered in a separate subsection (as
noted in the intro to the SASL section).

Thanks, Kurt

At 03:43 AM 5/30/2004, tarjei@nu.no wrote:
>Full_Name: Tarjei Huse
>Version: 2.x.x
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (80.111.145.198)
>
>
>The OpenLDAP documentation lacks a description of how to get an OpenLDAP server
>into a Kerberos domain.  Also it lacks a good description of how to use a
>different keytab than the default keytab for the system.
>
>However something like this might help:
>
><headline>Configuring SASL</headline>
>By default SASL reads its configuration from /usr/lib/sasl/App.conf (where
>"App" is the application defined name of the application). For OpenLDAP this is
>slapd.conf.
>
>Also, some configuration options are handled in the normal slapd.conf
>configuration file. These are related to password security and translation of
>SASL userids to LDAP DNs (see below). Also refer to man 5 slapd.conf.
>
>Use /usr/lib/sasl2/slapd.conf to set which configuration mechanism you want to
>use with OpenLDAP and what options it especially needs.
>
>Examples:
>(this is for Kerberos, with a special keytab for the LDAP-server.)
>pwcheck_method: gssapi
>keytab:        /etc/krb5.keytab.ldap
>
>
>
>More information can be found here:
>* The documentation bundled with your Cyrus SASL distribution.
>* http://www.sendmail.org/~ca/email/cyrus/sysadmin.html