
LDAPv3 a nightmare



I think I would like to use openldap, but
After a couple of weeks of reading up on it and trying to get a directory "working" I have come to the conclusion that cyrus-sasl sucks.
Even worse seems [its|my] attempt to use kerberosv5 and function.
Maybe I am the fool and simply cannot get these three to play together nicely but, holy shit how convoluted is this whole LDAPv3?!


Do I need a ldap directory working to get sasl binds tested or working? Do I also need a user in LDAP and sasldb?
Do I need plain passwords in the ldap directory (do I even have users in the directory yet) to take advantage of "secure" authentication with sasl and avoid doing "simple" binds to ldap or using the sasldb?
Do I need a kerberos kdc working to test if sasl [can|might] work with ldap kerberos binds?
How the hell am I supposed to get a client, say mozilla, to bind to ldap with [kerberos tickets | sasldb username | a username] anyway?
And why does sasl use pam?


I don't see how it all ties together.
<rant>
kerberos has a db, ldap has a db, sasl has a db, and they all seem to interoperate in some twisted formula called LDAPv3.
I thought the idea of a directory was to consolidate information in a central location not smear user:pw databases all over!
Seems to me that sasl is pretty useful if you like beating your face in with a maul laced in glass shards. Querying an openldap directory sounds almost as safe.
And if kerberosV5 is soo freakin badass then why the hell don't many applications make use of it?
Does everything still use bind v2 or am I just on the ldap bind v2 side of the internet?
</rant>