[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: ldapsearch and sasl
Thanks for your comment, Howard:
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Howard Chu
> Sent: Wednesday, March 16, 2005 6:34 PM
> To: Dieter Kluenter
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: ldapsearch and sasl
>
>
> >>I have the following lines in slapd.conf:
> >>
> >>sasl_pwcheck_method: saslauthd
> >>
> >>
> >this is not a configuration parameter in /etc/openldap/slapd.conf.
> >
> >
> Perhaps he meant /usr/lib/sasl2/slapd.conf.
Probably. I don't remember where I found the suggestion to include this
line in 'slapd.conf' but since it was after I had entered the sasl regex
lines in /etc/openldap/slapd.conf, I either forgot that sasl expects its
app.conf files to be found in /usr/lib/sasl2 or drew the conclusion that
slapd was an exception to this rule.
>
> If that's the case, this is a problem because saslauthd only supports
> cleartext authentication mechanisms, not DIGEST-MD5. DIGEST-MD5 will
> only work with an auxprop (which is the default) mech. You're
> better off
> not creating /usr/lib/sasl2/slapd.conf and just running with
> the default
> settings there.
Thanks, I needed this info, too. I'll take the sasl_pwcheck_method line
out of /etc/openldap/slapd.conf.
Ldap is no doubt very useful when one has it all configured properly,
but the threshold is a looloo! And it doesn't help a bit that I chose
OpenLDAP, but our shop consists mainly of Solaris 8 machines with what I
have seen called broken ldap, together with a few Solaris 9 and 10
machines, and an increasing number of linux machines (these last are a
doddle to set up for ldap authentication).
mvh/regards
James
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.f-secure.com/