[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd -d9 --- Invalid credentials



My main point is to not have the passwd in "plain text" in my slapd.conf.  I want to have it encrypted.
I thought SASL would provide me with this facility, such that is would look at the /etc/sasldb file for it on the master, then with it, then send that/unencrypted to the slave ldap server for authentication.

Or if this thought of mine is wrong, let me know what I need to do or correct to make it possible..

Thanks,
Steven

----- Original Message ----
From: Kurt D. Zeilenga <Kurt@OpenLDAP.org>
To: Steven Wong <slqwong@yahoo.com>
Cc: Howard Chu <hyc@symas.com>; Aaron Richton <richton@nbcs.rutgers.edu>; openLDAP software <openldap-software@OpenLDAP.org>
Sent: Tuesday, August 8, 2006 12:28:33 PM
Subject: Re: slurpd -d9  --- Invalid credentials

At 11:54 AM 8/8/2006, Steven Wong wrote:
> I was wondering if there are any Howto's for LDAP, SSL, with SASL, without Kerberos. 

The basic OpenLDAP SASL tutorial is:
        1) get Cyrus SASL working first (using their client programs
        with service set to "ldap" and daemon name set to "slapd").
        (use Cyrus SASL mailing list to resolve issues)
        2) then apply lessons learned in 1 to getting OpenLDAP working

The basic OpenLDAP TLS/SSL tutorial is:
        1) get OpenSSL working first (using s_server/s_client)
        (use OpenSSL list to resolve issues)
        2) then apply lessons learned in 1 to getting OpenLDAP working

-- Kurt