
Re: LDAP and SASL problem



Gildas Bayard <gildas.bayard@hds.utc.fr> writes:

> Hello,
>
> I'm setting up a new ldap server on ubuntu server 8.04.3 LTS.
> man slapd.conf encourages me into using SASL auth for rootdn instead
> of setting the rootpw parameter in slapd.conf.
>
> So I created a user in sasldb with saslpasswd2. sasldblistusers2 gives me
> admin@coruscant: userPassword which is what is expected.
> But then I see that the password there is in plain text so I don't
> really get the advantage of using SASL then. So I decide to use
> saslauthd instead (which in turn will use pam by default).

Why do you want to use saslauthd and sasldb to authenticate rootdn
against slapd? And why do you complain about plaintext passwords in
sasldb? How else could you respond to a challenge based on a shared
secret?

> My problem is that I could not find how to tell openldap to use
> saslauthd instead of sasldb.
[...]

Because in most cases an ldap server maintains its own user database
and password storage. Basics on how to implement SASL you can find in
the Admin Guide
http://www.openldap.org/doc/admin24/sasl.htm

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
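
Added example, not part of the original message: a minimal sketch of why a shared-secret challenge-response mechanism needs the cleartext password on the server, while a hashed store can only check a password the client sends in the clear. CRAM-MD5 (RFC 2195) is chosen here as the illustration; the password, challenge string and function names are constructed for the example.

```python
import base64, hashlib, hmac, os

# Constructed sample values; the user name matches the post, the password does not come from it.
USER, PASSWORD = "admin", "s3cret-example"

def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): prove knowledge of the password without sending it."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}".encode()

def verify_cram_md5(secrets, challenge, response):
    """Server side: must recompute the HMAC, so it needs the cleartext secret."""
    user, _, digest = response.decode().partition(" ")
    password = secrets.get(user)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def make_ssha(password):
    """Salted SHA-1 in the {SSHA} userPassword layout: base64(sha1(pw+salt)+salt)."""
    salt = os.urandom(8)
    raw = hashlib.sha1(password.encode() + salt).digest() + salt
    return "{SSHA}" + base64.b64encode(raw).decode()

def verify_plain_against_ssha(stored, password):
    """Works only when the client sends the cleartext password (PLAIN or simple bind)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def demo():
    challenge = b"<1896.697170952@coruscant>"    # constructed server nonce
    response = cram_md5_response(USER, PASSWORD, challenge)
    cleartext_store = {USER: PASSWORD}           # cleartext secret, as seen in sasldb
    hashed_store = {USER: make_ssha(PASSWORD)}   # one-way hash only
    return {
        "cram_with_cleartext": verify_cram_md5(cleartext_store, challenge, response),
        # Keying the HMAC with the hash string cannot reproduce the client's digest.
        "cram_with_hash_only": verify_cram_md5(hashed_store, challenge, response),
        "plain_with_hash_only": verify_plain_against_ssha(hashed_store[USER], PASSWORD),
    }

if __name__ == "__main__":
    print(demo())
```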