[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapdb troubleshooting

To: OpenLDAP Discussion List <openldap-software@OpenLDAP.org>
Subject: Re: ldapdb troubleshooting
From: "Dr. Lars Hanke" <lars@lhanke.de>
Date: Mon, 14 Mar 2005 09:38:37 +0100
Content-disposition: inline
In-reply-to: <20050313234453.GK654@eris.tenfour>
Organization: Microsystem Accessory Consult
References: <200503132248.41584.lars@lhanke.de> <20050313234453.GK654@eris.tenfour>
User-agent: KMail/1.6.2

> > authenticate with the LDAP repository. I started with imap and immediately 
> > ran into trouble. This is what imtest wrote to auth.log:
> Not a direct answer, but if you just want cyrus to use ldap user/pass for 
auth,
> I've found it much simpler to use pam_ldap via saslauthd.

I understood that there's a major difference in that ldapdb is supposed to 
retrieve the password from the LDAP repository (using a controlled, secure 
channel) and performs SASL auth in between client and server, which can be 
chosen also secure (e.g. DIGEST-MD5).

pam_ldap in contrast authenticates a credential sent to the server with the 
LDAP repository. Therefore, the credential sent by the client must be 
decodeable, which is a major weakness in the protocol.

Am I mistaken about that?

Have fun,
 - lars.

References:
- ldapdb troubleshooting
  - From: "Dr. Lars Hanke" <lars@lhanke.de>
- Re: ldapdb troubleshooting
  - From: Dick Davies <rasputnik@hellooperator.net>

Prev by Date: slurpd probs
Next by Date: Object Class violation
Index(es):
- Chronological
- Thread