Re: SASL MD5 - another try
Hi,
Alexander Lunyov <lan_mailing@startatom.ru> writes:
> Hello Dieter,
>
> Wednesday, July 16, 2003, 6:11:26 PM, you wrote:
>
> DK> Hi,
>
> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>
>>> Hello openldap-software,
>>>
>>> I still don't get it. Let's play it step by step.
>>>
>>> 1. Install Cyrus-SASL 2.1.13 with default options in configure
>>>    (not me, it's a port in FreeBSD).
>>> 2. Install OpenLDAP 2.1.21 with the --enable-sasl option in
>>>    configure (also a port).
>>> 3. Configure slapd.conf and add a proper sasl-regexp option.
>>> 4. Get the LDAP database filled.
>>> 5. Then I'm trying to bind to LDAP with -Y DIGEST-MD5 and the
>>>    result is the same as before - logs are growing fast with
>>>    "daemon: select timeout - yielding" entries. And that's all.
>>>
>>> I'm dreaming of getting some error that you people have - but I've
>>> got only that "select timeout" and nobody seems to know what is
>>> happening.
>>>
>>> The questions are:
>>>
>>> 1. Does SASL really work with LDAP (stupid question? I don't think
>>>    so)?
>>> 2. Do I need to configure SASL in some way?
>>> 3. Do I need to compile the ldapdb auxprop plugin for SASL?
>>> 4. Can anyone, if you have SASL & LDAP working together, write a
>>>    small step-by-step howto?
>
> DK> You have to add users and password to sasldb.
> DK>   saslpasswd2 -a ldap -u <sasl-realm> -c <user>
>
> Huh? What for? According to
> http://www.openldap.org/doc/admin21/sasl.html
>
>   Secret passwords are normally stored in Cyrus SASL's own sasldb
>   database, but if OpenLDAP has been compiled with Cyrus SASL 2.1 it
>   is possible to store the secrets in the LDAP database itself.
>
> That's what all this mess with SASL is for. I need users and their
> passwords stored in LDAP (that's what I already have) and now I
> want DIGEST-MD5 authentication for some services (such as
> Cyrus-IMAPD).

That is correct in principle :-)

If you store your userids and passwords in a directory instead of
sasldb, you have to configure sasl and your application (imapd) to look
up the directory. But that is a sasl issue and not an openldap topic.

-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de