[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: openldap + sasl + plain|login + pam
Sorry to post so quickly again, but this is working now for me.
by putting just sasl-secprops none in slapd.conf, setting up
/usr/lib/sasl/slapd.conf and /etc/pam.d/ldap
and changing ldap.conf to include SASL_SECPROPS none, I can now
authenticate using pam.
Hope this helps someone else!
Tom
On Wed, 10 Jul 2002, Tom Ryan wrote:
> It seems from reading various faqs documentation that it is possible to
> configure my openldap server to authenticate users binding to it with
> SASL as the backend using PLAIN|LOGIN to authenticate.
>
> As SASL (on my RH 7.3 system) has pam in plain|login, it seems possible to
> configure a /usr/lib/sasl/slapd.conf to contain pwcheck_method: pam and
> then have a /etc/pam.d/ldap??? containing relevant lines.
>
> essentially, is it possible to have ldap behave much like authenticated
> smtp does using the sasl library?
>
> if i query my openldap server for
>
> ldapsearch -x -H ldaps://127.0.0.1 -b "" -s base supportedSASLMechanisms
>
> I get
>
> supportedSASLMechanisms: PLAIN
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: ANONYMOUS
>
> Has anyone done this? is it possible?
>
> Tom
>
>
--
_______________________________________________________________________
Tom Ryan Voice: 856-225-6361
Consulting System Administrator Fax: 856-969-7900
Rutgers School of Law - Camden