
RE: OpenLDAP 2.1 Released



> -----Original Message-----
> From: Tarjei Huse [mailto:tarjei@nu.no]

> > Correct. Currently Cyrus SASL only supports LDAP via saslauthd and
> > saslauthd is only used to validate the PLAIN authentication mechanism.
> > I have an LDAP-based auxprop plugin in the works, it wasn't ready for
> > this release and (I think) there are some slapd extensions needed to
> > make it efficient.
>
> When do you think it is ready? I'm considering to wait until then
> to upgrade my system.

Don't know, I haven't had time to focus on it. For this one feature I'm
not sure the wait is worth it, might as well upgrade now for the performance
improvements.

> Also, how are the different secrets saved in the ldap directory,
> and how do I set them?

In Cyrus SASL 2, most of the mechanisms derive their secrets from the
plaintext password, and the database itself only stores the plaintext
password. They thoughtfully named their database key "userPassword" so
using LDAP is seamless. Just use ldapmodify (not ldappasswd) to set a
user's userPassword to a plaintext string and it will be usable by all
of the SASL mechanisms. (Except SASL/OTP, which always has to record and
update its own secret after every use.)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
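
Added example, not part of the original message and not Cyrus SASL or OpenLDAP code: a sketch of why a challenge-response mechanism needs the plaintext in userPassword. It computes CRAM-MD5 (RFC 2195) on both sides and shows verification failing when the stored value is a salted hash instead; the user name, password, realm, challenge and salt are constructed sample values.

```python
import base64
import hashlib
import hmac


def cram_md5_response(user: str, password: str, challenge: str) -> str:
    """Client: RFC 2195 response is 'user hex(HMAC-MD5(key=password, msg=challenge))'."""
    mac = hmac.new(password.encode(), challenge.encode(), hashlib.md5)
    return f"{user} {mac.hexdigest()}"


def server_verify(stored_user_password: str, challenge: str, response: str) -> bool:
    """Server: recompute the HMAC keyed with whatever string userPassword holds."""
    user, _, digest = response.rpartition(" ")
    expected = hmac.new(stored_user_password.encode(), challenge.encode(), hashlib.md5)
    return bool(user) and hmac.compare_digest(expected.hexdigest().encode(), digest.encode())


def digest_md5_secret(user: str, realm: str, password: str) -> str:
    """DIGEST-MD5 (RFC 2831) also starts from the plaintext: H(user:realm:password)."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def ssha(password: str, salt: bytes) -> str:
    """Salted SHA-1 in the usual {SSHA} layout: base64(SHA1(password + salt) + salt)."""
    raw = hashlib.sha1(password.encode() + salt).digest() + salt
    return "{SSHA}" + base64.b64encode(raw).decode()


# Constructed sample values, not taken from the thread.
USER, REALM, PASSWORD = "alice", "example.org", "correct horse"
CHALLENGE = "<4242.1024@ldap.example.org>"
SALT = b"\x01\x02\x03\x04"


def demo() -> dict:
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    return {
        # userPassword holds the plaintext: the server derives the same HMAC key.
        "plaintext": server_verify(PASSWORD, CHALLENGE, response),
        # userPassword holds a one-way hash: the server cannot recover the key.
        "hashed": server_verify(ssha(PASSWORD, SALT), CHALLENGE, response),
    }


if __name__ == "__main__":
    print(demo())
    print("DIGEST-MD5 secret:", digest_md5_secret(USER, REALM, PASSWORD))
```

Because the stored value is itself the shared secret, read access to userPassword is the control that matters in this setup.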