On Thu, 2002-04-18 at 07:23, Howard Chu wrote:
> The rootpw config has nothing to do with SASL. In the 2.0.x release the only
> valid DNs for a SASL bind are of the form "uid=<username> + realm=<realm>"
> If you want "ldapadmin@REALM" to be treated as your server root then you
> need to configure
>     rootdn "uid=ldapadmin + realm=REALM"

Followup question. Since the userPassword field is obviously bogus (unused) since we don't do a simple bind, how do I configure OpenLDAP to only allow certain principals to bind as an arbitrary user? I read something a while back about an attribute that could specify multiple principals, but it used a now deprecated ObjectClass. Basically can I do something that's the same effect as .k5login on binding to ldap? Do I need to do special things in my LDAP acls? (I imagine so.)

Thanks so much. Appreciate your patience!

Michael

> On a SASL bind your rootpw is irrelevant, since SASL will perform the
> authentication using your kerberos ticket.
>
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support

--
Public key available from http://students.cs.byu.edu/~torriem