On Fri, Feb 09, 2007 at 01:15:47AM -0800, Howard Chu wrote:
I wouldn't expect to find much documentation on this topic because in general it's the wrong thing to do. What distributed authentication system do you use that is supported by pam but is not supported directly by LDAP or SASL?
Radius. I'm aware that 2.4 fills that gap, but I don't want to use alpha software in production.
That's fair.
(In fact, I was not even able to build it)
These steps are only needed if you're going to use plaintext passwords in SASL Binds, and yet you only show the use of Simple Binds here.
Sure, that's just what I was looking for. I found no doc explaining how to do it, that's why I post it there, with the hope it could help someone else (or even myself in a few months).
I could not even find a place where it is said that userPassword should be {SASL} followed by the login.
The log messages are meaningful, you just don't understand them. Your ignorance does not indicate a fault in the software.
NB2: slapd logs in /var/log/slapd.conf, the error messages are usually meaningless, especially for ACL and SASL troubles.
I expected to be flamed for that one. I just tell you about my frustration working with some OpenLDAP areas. You can choose to call user feedback ignorance and ignore it, it's up to you.
Back on ACL logs: Point me to the document that explains how to parse that pack of nonsense, and I might consider them meaningful. For now, my opinion is that the ACL log output is just useless for the average administrator. Where is the information such that what ACL matched, or for what value an ACL clause is evaluated?