[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: OpenLDAP 2.1 Released
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kurt D.
> Zeilenga
> At 05:30 AM 2002-06-10, Turbo Fredriksson wrote:
> >>>>>> "Kurt" == Kurt D Zeilenga <Kurt@OpenLDAP.org> writes:
> > Kurt> * SASL authentication/authorization mapping
> > Kurt> * SASL in-directory storage of authentication secrets
> >
> >How much of this is finished/working (at all)? And is it what I think
> >it is? Exactly WHAT is it?
> To find out exactly what it is, you'll likely have to read
> the source code....
> SASL in-directory storage of authentication secrets provides
> a mechanism to use authentication secrets held in the directory
> in lieu of secrets held externally (e.g., SASLdb or other
> store accessed through Cyrus SASL). This is not yet detailed
> in the OpenLDAP 2.1 Admin Guide.
Used with Cyrus SASL 2.1.3beta (I assume Cyrus 2.1.4 works as well, haven't
updated yet) slapd inserts its own auxprop plugin that looks up properties
internally in slapd. The authentication mapping must already be configured
to map SASL names to valid DNs otherwise the lookup will fail and the normal
sasldb or whatever other mechanisms will be used.
So far the provided code only affects slapd. An external shared library will
be needed to allow other services to work with LDAP. The LDAP support in
Cyrus SASL 2.1.3+ is unrelated to this work, and only performs cleartext
password validation. The SASL support in slapd handles all forms of SASL
authentication.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support