[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: separate sasl-secprops for different tansports

To: openldap-software@openldap.org
Subject: Re: separate sasl-secprops for different tansports
From: Karsten KÃnne <kuenne@rentec.com>
Date: Thu, 26 Oct 2006 08:45:52 -0400
Cc: Hai Zaar <haizaar@gmail.com>
Content-disposition: inline
In-reply-to: <cfb54190610260049x56bb1272l370c376aafb05117@mail.gmail.com>
Organization: Renaissance Technologies Corp.
References: <cfb54190610260049x56bb1272l370c376aafb05117@mail.gmail.com>
User-agent: KMail/1.9.1

On Thursday 26 October 2006 03:49, Hai Zaar wrote:
> Dear list!
>
> Is there any way to specify sasl-secprops separately for each transport
> type? For ldapi:/// is want "sasl-secprops noanonymous,noplain",
> and "sasl-secprops noanonymous,noplain,noactive" for the rest.
>
> The idea is to require SASL GSSAPI for everyone with only exception
> for clients connecting via ldapi (like heimdal KDC) - they need SASL
> EXTERNAL.

Why don't you just remove the SASL mechanisms you don't want? The 
SASL/EXTERNAL will always be there but the others are just shared libraries 
which live in /usr/lib/sasl2 or something similar (at least on my system). 
The slapd won't offer any mechanism which isn't installed.

Karsten.

Follow-Ups:
- Re: separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>

References:
- separate sasl-secprops for different tansports
  - From: "Hai Zaar" <haizaar@gmail.com>

Prev by Date: Re: provider slapd segfault with syncprov
Next by Date: Re: separate sasl-secprops for different tansports
Index(es):
- Chronological
- Thread