[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd circularity?

To: Ryan Lovett <ryan@stat.Berkeley.EDU>
Subject: Re: slapd circularity?
From: Howard Chu <hyc@symas.com>
Date: Wed, 22 Feb 2006 13:07:27 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20060221200626.GP13685@stat.berkeley.edu>
References: <20060221200626.GP13685@stat.berkeley.edu>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060215 SeaMonkey/1.5a Mnenhy/0.7.3.0

Ryan Lovett wrote:

 I'm having trouble strong-binding Mac clients to an OpenLDAP server and I
think its due to my confusion about the SASL configuration. I'm seeing the
message
slap_ap_lookup: str2ad(cmusaslsecretCRAM-MD5): attribute type undefined


This message is harmless.

in the slapd output. It looks like slapd is being querried for the cmusaslsecretCRAM-MD5 attribute while I want slapd to use the userPassword attribute where I've stored CRYPT passwords. (from an NIS conversion)

SASL strong authentication mechanisms require access to a plaintext password. Crypt will not work.

 For this to happen, do I configure SASL via /usr/lib/sasl2/slapd.conf to
use an ldapdb storage?

No. The ldapdb docs explicitly say never to do this. slapd has its own SASL auxprop mechanism built in and doesn't need anything else.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: slapd circularity?
  - From: Ryan Lovett <ryan@stat.Berkeley.EDU>

References:
- slapd circularity?
  - From: Ryan Lovett <ryan@stat.Berkeley.EDU>

Prev by Date: Re: slapd circularity?
Next by Date: Re: lastmod and index corruption
Index(es):
- Chronological
- Thread