[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Basic SASL setup instructions



At 11:15 PM 10/17/00 +0100, Jim Hud wrote:
>Is it currently being worked on?

Yes.

>I was hoping to use TLS/SSL but neither
>Netscape or Outlook Express will work with authenticated SSL

Note that client's TLS (SSL) certificate is not used establish
LDAP authorization unless the client requests a SASL/EXTERNAL
bind.

>to slapd so SASL becomes the next best option,

I didn't realize that Netscape and Microsoft clients had
implemented any SASL authentication methods yet.  I'm under
the impression they only support simple bind, but that they
did support this over both LDAP and LDAP over SSL.

Netscape "smart" (anon search + simple bind) authentication
over ldaps:// doesn't work for me [the 0x61 issue others have
reported]... but simple bind works fine.  See FAQ for details
on how to provide a bind DN to Netscape.
  http://www.openldap.org/faq/index.cgi?file=138

BTW, the test user "uid=test,dc=openldap,dc=org" w/
password "secret" is now available for testing purposes
at ldap://ldap.openldap.org/ & ldaps://ldap.openldap.org/

>but I need the LDAP database to hold the id's and passwords.
>
>How can I help this along by adding my efforts?

By enquiring on the developer's list.