Re: SASL docs?
On Mon, 11 Sep 2000, Kurt D. Zeilenga wrote:
> At 10:05 PM 9/11/00 +0200, Hugo.van.der.Kooij@caiw.nl wrote:
> >
> >I installed SASL and compiled OpenLDAP 2.0.1 so it now has SASL support.
> >Unfortunately I failed to read/find the proper documentation to get import
> >my ldif file now.
>
> Proper documentation has yet to be written. Volunteers welcomed
> to "jump on in."
I may as soon as I have a firm enough grasp of the whole subject to
describe it.
> No changes(*) to the directory are needed to use SASL as OpenLDAP 2.0
> relies upon Cyrus SASL's to handle such. That is, 2.0 doesn't support
> in directory storage of SASL authentication secrets. 2.1 support
> for such is under development.
>
> * unless you want to use "userPassword: {SASL}user" simple bind support
> [of course, the whole point of SASL in LDAP is to avoid simple bind].
Hmm. Sounds interesting. We got a radius server with one time password
tokens. I will study this in some more detail.
> >So I would welcome some pointers (URL) to SASL documentation or even
> >better a hint to get SASL + OpenLDAP usable for me.
>
> Add users to your SASLdb using saslpasswd(1) or external authentication
> service (such as Kerberos V). slapd(8) will automatically authenticate
> any valid SASL user and assign an authorization DN of the form
> "uid=username + realm=REALM". Depending on the mechanism/configuration
> (sasl-realm), the form might also be "uid=username@KREALM" (GSSAPI) or
> just "uid=username". Once you get successful authentication, you can
> look at slapd.conf to see what authorization DNs are being produced.
Now this could be fun.
LDAP ==> SASL ==> PAM ==> LDAP
Not quite what you had in mind (I guess ;-)
I think I will investigate:
LDAP ==> SASL ==> PAM ==> RADIUS
Hugo.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)