[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL PAM Authentication
I'm using the Debian slapd package so slapd.conf is in /etc/ldap.
OpenLDAP is compiled with sasl support. The result of 'ldapsearch -x -s
base -b "" supportedSASLMechanisms' is listed below. I'm not using the
-x option for any other commands if that is what you mean by simple
binding.
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
#
dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: CRAM-MD5
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
On Sat, 2003-09-13 at 03:47, Edward Rudd wrote:
> Is the slapd.conf file in the correct directory?
> Is openldap compiled with sasl support?
> and 3rd, OpenLDAP will only use the sasl backend when doing a sasl
> bind.. when doing s simple bind it will ONLY use the internal
> userpassword field (AFAIK).
>
> On Sat, 2003-09-13 at 01:28, Craig Gallek wrote:
> > I'm having trouble with the slapd authentication mechanism. I have
> > successfully managed to get slapd to authenticate a user through the
> > PLAIN mechanism authenticating against the userPassword field of a
> > directory entry. I have also successfully installed SASL and the
> > saslauthd. I have configured saslauthd to authenticate against the PAM
> > modules on my machine. testsaslauthd successfully authenticates against
> > the local shadow password database.
> >
> > Now I am trying to make slapd authenticate against saslauthd (or even
> > directly using the SASL PAM libraries) rather than against the
> > userPassword field in the directory. I've tried setting the
> > pwcheck_method in slapd.conf to saslauthd. This did not seem to have
> > any effect on the authentication process or the output log information.
> >
> > Any suggestions would be appreciated.