[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sasl and openldap.



Quoting "Tarjei Huse" <tarjei@nu.no>:

> 1. Does the use of ldap and sasl imply that the passwords are stored in the
> sasldb?
> I.e: authclient (f.x. mailprog) -> machine -> ldap -> sasl -> sasldb

Not necessarily... SASL is just a 'middle-layer'... Instead of 'sasldb' in your
example, you could (as I and may others) use Kerberos (either v4 or v5)...

> 2. To use sasl auth in ldap, do you have to make a Openldap.conf file in the
> sasl pluginn dir?

No

> Part of the resond I'm asking, is because some of my ldap clients (mainly
> the gui ones for my pc) seem to be using ldap_sasl_bind when connecting
> (weired hu?) and I get errors that the slapd cannot access the sasldb file
> wich is logical since slapd is running as user ldap and sasldb is owned by
> root. I do not want to use sasldb btw, but have everything in my ldap db as
> I'm using my server both for pam_ldap and samba-tng authentication.

If you care to investigate the Kerberos issue more, I wrote a little howto
on getting OpenLDAP v2 and MIT Kerberos V5 to work together...

http://www.bayour.com/kerberos/Kerberos-MiniHOWTO.html


-- 
 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@tripnet.se
  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden