[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP + Kerberos not allowing simple binds



Robert wrote:

"Jose Gonzalez Gomez" <jgonzalez@opentechnet.com> wrote in message
411E29BE.6050002@opentechnet.com">news:411E29BE.6050002@opentechnet.com...


{KERBEROS} is deprecated (I think). In order to use {SASL} you must
compile OpenLDAP with a special option (--with-spasswd??). Have you done
that?



Yes, openldap was built with --with-spasswd. Anything else I need to do to either openldap or cyrus-sasl?

Thanks
Robert





I should check with my installation (I won't be able to do that until monday, probably) but I think you need a file in /etc/sasl2/slapd.conf (or something similar) indicating the mechanism to use... if you use Kerberos you could probably use saslauthd as the mechanism and then set saslauthd to check passwords against Kerberos (saslauthd -a kerberos)... check this by yourself, as I'm typing without looking at the docs, and my memory is horrible.

   Best regards
   Jose