
Re: Basic SASL setup instructions



Is OpenLDAP planning an enhancement to slapd to use CRAM_MD5 etc via SASL
but use the ldap database as simple bind does?


----- Original Message -----
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
To: "Jim Hud" <jdhz@btinternet.com>
Cc: "Robert Watt" <watt@collab.net>; <openldap-software@OpenLDAP.org>
Sent: Tuesday, October 17, 2000 6:13 PM
Subject: Re: Basic SASL setup instructions


> At 09:21 AM 10/17/00 +0100, Jim Hud wrote:
> >>Then don't bother with userPassword...  set up Cyrus SASL.
> >>Make sure it works (using Cyrus provided sample client and server
> >>and -s "ldap").  Then use same mechanism, authentication identities,
> >>secrets with slapd.
> >
> >Does this mean that the userids and user passwords are not/cannot be held in
> >the LDAP database at the server end?
>
> You can store a password in userPassword.  Simple bind will use it.
> SASL/PLAIN may use it as well if you configure Cyrus SASL to use
> an LDAP-enabled pwcheckd or LDAP-enabled PAM.
>
> For SASL/DIGEST-MD5, slapd currently relies on Cyrus SASL to
> maintain the secret in its SASLdb.  This allows slapd to share
> the same user/secret database as other application protocol
> servers.
>
> Kurt
>
>
>
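
An added illustration, not part of the thread: why a challenge-response mechanism such as CRAM-MD5 (RFC 2195) needs the server to hold the shared secret itself, while simple bind or SASL/PLAIN can be checked against a hashed userPassword. The user name, password, salt, challenge and the choice of {SSHA} as the stored form are constructed assumptions.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
PASSWORD = b"constructed-secret"
SALT = b"\x01\x02\x03\x04"
CHALLENGE = b"<1896.697170952@ldap.example.com>"


def ssha(password: bytes, salt: bytes) -> str:
    """Hashed userPassword value in the {SSHA} form (salted SHA-1)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def simple_bind_ok(stored: str, presented: bytes) -> bool:
    """Simple bind or SASL/PLAIN: the password arrives, so a hash is enough."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(presented + salt).digest(), digest)


def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> bytes:
    """Client reply (RFC 2195): user, space, hex HMAC-MD5(secret, challenge)."""
    mac = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return user.encode() + b" " + mac.encode()


def cram_md5_ok(server_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server check: recompute the HMAC from whatever secret the server holds."""
    _user, _, mac = response.rpartition(b" ")
    expected = hmac.new(server_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(mac, expected.encode())


if __name__ == "__main__":
    stored = ssha(PASSWORD, SALT)
    reply = cram_md5_response("jim", PASSWORD, CHALLENGE)
    print("simple bind against hash:", simple_bind_ok(stored, PASSWORD))
    print("CRAM-MD5 with the secret:", cram_md5_ok(PASSWORD, CHALLENGE, reply))
    print("CRAM-MD5 with only hash: ", cram_md5_ok(stored.encode(), CHALLENGE, reply))
```

The last check fails because the client never sends the password, so a server holding only a one-way hash has nothing to recompute the HMAC from.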