
RE: ldapsearch and sasl



Thanks for your comment, Howard:

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org 
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Howard Chu
> Sent: Wednesday, March 16, 2005 6:34 PM
> To: Dieter Kluenter
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: ldapsearch and sasl
> 
> 
> >>I have the following lines in slapd.conf:
> >>
> >>sasl_pwcheck_method: saslauthd
> >>
> >this is not a configuration parameter in /etc/openldap/slapd.conf.
> >
> Perhaps he meant /usr/lib/sasl2/slapd.conf.

Probably.  I don't remember where I found the suggestion to include this
line in 'slapd.conf' but since it was after I had entered the sasl regex
lines in /etc/openldap/slapd.conf, I either forgot that sasl expects its
app.conf files to be found in /usr/lib/sasl2 or drew the conclusion that
slapd was an exception to this rule.

> 
> If that's the case, this is a problem because saslauthd only supports
> cleartext authentication mechanisms, not DIGEST-MD5. DIGEST-MD5 will
> only work with an auxprop (which is the default) mech. You're better
> off not creating /usr/lib/sasl2/slapd.conf and just running with the
> default settings there.

Thanks, I needed this info, too.  I'll take the sasl_pwcheck_method line
out of /etc/openldap/slapd.conf.

LDAP is no doubt very useful when one has it all configured properly,
but the threshold is a looloo!  And it doesn't help a bit that I chose
OpenLDAP, but our shop consists mainly of Solaris 8 machines with what I
have seen called broken LDAP, together with a few Solaris 9 and 10
machines, and an increasing number of Linux machines (these last are a
doddle to set up for LDAP authentication).

mvh/regards

James
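
Added example, not part of the original message or of OpenLDAP/Cyrus SASL: a small check for the two mistakes discussed in this thread, a SASL application config whose pwcheck_method cannot serve DIGEST-MD5, and a SASL-library option placed in OpenLDAP's own slapd.conf. The function names and sample configs are constructed for illustration, and accepting the `sasl_` prefix on option names is an assumption made to match the line quoted above.

```python
import re

# Shared-secret mechanisms: the server needs the stored secret (an auxprop
# plugin), which saslauthd cannot provide. CRAM-MD5 is included as the same class.
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}
# A Cyrus SASL "key: value" option line, with or without a sasl_ prefix (assumption).
SASL_OPT = re.compile(r"^\s*(?:sasl_)?(pwcheck_method|mech_list)\s*:\s*(.*)$", re.I)

def parse_sasl_conf(text):
    """Return the pwcheck_method / mech_list options of a SASL app config."""
    opts = {}
    for line in text.splitlines():
        m = SASL_OPT.match(line)
        if m:
            opts[m.group(1).lower()] = m.group(2).split()
    return opts

def check_mech(sasl_conf_text, mech):
    """Return a list of findings for one mechanism a client will request."""
    opts = parse_sasl_conf(sasl_conf_text)
    # With no pwcheck_method line, the library default is auxprop.
    methods = [m.lower() for m in opts.get("pwcheck_method", ["auxprop"])]
    offered = [m.upper() for m in opts.get("mech_list", [])]
    mech = mech.upper()
    findings = []
    if offered and mech not in offered:
        findings.append(f"{mech} is not in mech_list")
    if mech in SHARED_SECRET_MECHS and "auxprop" not in methods:
        findings.append(f"{mech} needs auxprop; pwcheck_method is {' '.join(methods)}")
    return findings

def misplaced_sasl_options(openldap_conf_text):
    """Line numbers in OpenLDAP's slapd.conf that hold SASL-library options."""
    return [n for n, line in enumerate(openldap_conf_text.splitlines(), 1)
            if SASL_OPT.match(line)]

# Constructed sample inputs (not taken from any real system).
SASL_APP_CONF = "pwcheck_method: saslauthd\n"
OPENLDAP_CONF = "database bdb\nsasl_pwcheck_method: saslauthd\n"

if __name__ == "__main__":
    for mech in ("DIGEST-MD5", "PLAIN"):
        print(mech, check_mech(SASL_APP_CONF, mech) or "ok")
    print("SASL options in OpenLDAP config at lines",
          misplaced_sasl_options(OPENLDAP_CONF))
```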
 