
RE: SASL required? for Heimdal Kerberos -> OpenLDAP



My recommendation would be to use Heimdal's regular backend, not OpenLDAP.  It seems to me that using OpenLDAP for the backend may be more kludgy than doing the reverse, i.e., using SASL to authenticate users against Kerberos.  If you want to know how to set userpasswords in OpenLDAP to refer to Kerberos as the authenticator (using saslauthd) or how to use SASL to authenticate against OpenLDAP with your Kerberos ticket, this list can help you with that.


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org on behalf of Kurt D. Zeilenga
Sent: Wed 10/13/2004 1:57 PM
To: Bruce Marriner
Cc: OpenLDAP software list
Subject: Re: SASL required? for Heimdal Kerberos -> OpenLDAP

At 11:36 AM 10/13/2004, Bruce Marriner wrote:
> I am trying to get Heimdal Kerberos set up to use OpenLDAP as a database store for its passwords.  I have OpenLDAP 2.0.27 installed and Heimdal 0.6.2-20040927 snapshot compiled with OpenLDAP support.   When I attempt to initialize my Kerberos domain I get an error: hdb_open: ldap_sasl_bind_s: Can't contact LDAP server.  So I learned that normally people seem to use SASL to implement this.  I would like to know if there is a method of configuring all this so SASL is not required?  Also, in doing that, would there be some risks to consider?

Your question should be directed to a list covering
issues with Heimdal's LDAP backend, hdb-ldap, such
as <heimdal-discuss@sics.se>.

Kurt

PS: OpenLDAP 2.0 (and 2.1) are historic.  You should
consider upgrading.