Basic SASL setup instructions
Hi.
I've been trying to set up SASL authentication with OpenLDAP 2.0.4, and
don't quite know where to start.
Last month I saw a series of posts between Hugo and Kurt on a basic SASL
setup. I tried what was outlined, but I think I've missed a couple of
steps.
Basically I copied the entry of an existing user and modified their
'userpassword' attribute to: {sasl}, then used saslpasswd to create
/etc/sasldb with that user's name, realm and password. (There was a mention
of {sasl}xxxxxxxxxx entries also for simple bind. I don't want simple
bind, so I need to know how to set up the full-sasl way.)
When I try to log in as the user through ssh or a console login, it fails.
When I try to use ldapsearch, no matter how I enter their info with
ldapsearch -D "various dn's combining realm info" -W, it responds with:
ldap_bind: Invalid credentials.
So, a few questions:
- What setup steps do I need to get basic SASL functionality working so
that services authenticate through ldap/sasl and ldap utilities bind
through sasl rather than simple auth with cleartext passwords?
- What format do I need to use for the ldap utilities? I assume -D is
not supposed to be used with sasl. I've seen the -I -U and other switches,
but nothing I've tried seems to work (basically the utilities tell me I'm
not using the switches correctly).
- In addition to the setup on the server, what do I need on my clients to
get them to use sasl?
- Has anyone used openssl and/or kerberos instead of sasl? Which is
preferred?
- Nalin from Red Hat posted some RPMs of OpenLDAP 2.0.4. Does anyone
know if these have sasl support compiled in?
Thanks in advance!
Rob Watt
System Administrator
CollabNet