[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Basic SASL setup instructions



It is address book in Netscape that is being discussed, it does not work if
SSL and Login are enabled.  Not with client certs as far as I know, I
certainly have not tried them.


----- Original Message -----
From: "Edwin Chiu" <Edwin.Chiu@e-wares.com>
To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Cc: "Jim Hud" <jdhz@btinternet.com>; <openldap-software@OpenLDAP.org>
Sent: Wednesday, October 18, 2000 2:13 PM
Subject: Re: Basic SASL setup instructions


> Have you tried using just the Address Book in Netscape? I've never had
> any success with ldaps:// in Netscape... and unfortunately, LDAP doesn't
> seem to be present in Mozilla yet ;(
>
> The Address Book should support at minimum, SSL with client auth. I'm
> fairly certain it should support the use of client certs as well....
>
> Edwin
>
> "Kurt D. Zeilenga" wrote:
>
> > At 11:15 PM 10/17/00 +0100, Jim Hud wrote:
> > >Is it currently being worked on?
> >
> > Yes.
> >
> > >I was hoping to use TLS/SSL but neither
> > >Netscape or Outlook Express will work with authenticated SSL
> >
> > Note that client's TLS (SSL) certificate is not used establish
> > LDAP authorization unless the client requests a SASL/EXTERNAL
> > bind.
> >
> > >to slapd so SASL becomes the next best option,
> >
> > I didn't realize that Netscape and Microsoft clients had
> > implemented any SASL authentication methods yet.  I'm under
> > the impression they only support simple bind, but that they
> > did support this over both LDAP and LDAP over SSL.
> >
> > Netscape "smart" (anon search + simple bind) authentication
> > over ldaps:// doesn't work for me [the 0x61 issue others have
> > reported]... but simple bind works fine.  See FAQ for details
> > on how to provide a bind DN to Netscape.
> >   http://www.openldap.org/faq/index.cgi?file=138
> >
> > BTW, the test user "uid=test,dc=openldap,dc=org" w/
> > password "secret" is now available for testing purposes
> > at ldap://ldap.openldap.org/ & ldaps://ldap.openldap.org/
> >
> > >but I need the LDAP database to hold the id's and passwords.
> > >
> > >How can I help this along by adding my efforts?
> >
> > By enquiring on the developer's list.
>
>