[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and Cyrus SASL



man, 2003-03-03 kl. 13:18 skrev Karl Lattimer:

> When using SASL with OpenLDAP do I need to add an entry into the LDAP
> directory specifically for authentication? 
> 
> I am of the understanding that I don't, instead I use a login name on the
> LDAP server like 
> 
> uid=someuser,cn=DIGEST-MD5,cn=auth 

As far as DIGEST-MD5 is concerned, there's a thread mostly consisting of
Howard Chu teaching and others following instructions on July 12 of last
year, which you'd do well to find and browse. It works perfectly for me,
though I don't use DIGEST-MD5 for Openldap (do always use CRAM-MD5 for
ESMTP, using my Openldap DSE) in everyday work ;)

You can use your DSE *unaltered*, with no sasldauth or anything like
that - the only thing is, that both CRAM and DIGEST-MD5 userPassword
attributes must be stored in cleartext. But ACLs and directory
permissions should take care of any security issues.

Best,

Tony

-- 

Tony Earnshaw

All the world is mad, exceptin thee and me
and even thee's a little queer

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl