[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP -> SASL -> LDAP?



Hi,

I have two questions regarding SASL and LDAP:
1) As I understand it LDAP can use SASL for authentication of users.
   I guess LDAP can be used for a central datastore of userprofiles, containing
   user passwords for use with pam_ldap, mailaddresses and so on.
   SASL seems to have its own password database /etc/sasldb.
   Do I now end up having two locations where a userpassword is stored, i.e.
   SASLdb and LDAP, or is there a SASL plugin which fetches the credentials
   from an LDAPserver?
   If this is the case, am I right assuming that the rootdn/rootpw is to
   avoid a chicken and egg problem?
2) Is there any info (FAQ/HowTo) on how to configure slapd.conf for use
   with SASL?
3) I saw the configure option "--enable-aci". Is the per-object ACI aproach
   going to be the future standard, while yet unstable (it's not
   configured by default), or is it only applicable for special situations,
   e.g. partial server replication?

Thanks for you comments
	Arvid Requate