[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and SASL problem

To: openldap-software@openldap.org
Subject: Re: LDAP and SASL problem
From: Patrick Ben Koetter <p@state-of-mind.de>
Date: Fri, 24 Jul 2009 16:52:28 +0200
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=state-of-mind.de; s=mail0801; t=1248447152; bh=hRb9SWbqwL73TOm2TNOQDEw7NAPCTwL1wlFGcuN3vlw=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Transfer-Encoding:In-Reply-To; b=TiujEq2hzWygIAVm95/SuFI6XDgEne7MtysiFG9GgzuKL++++D1kewgqzWIu//RnD 8bXdCrBcrLPMVr9dWyT5LpcVp8msG8QT/CDWva0i1TdcRChJE2bWxB+LDxWDQkuqv1 nsegkURat/bc8T8M+W4sbPTO83ooGSlEo7Y6eWow=
In-reply-to: <87prbqyw97.fsf@rubin.avci.de>
Mail-followup-to: openldap-software@openldap.org
References: <4A68753C.4020707@hds.utc.fr> <87prbqyw97.fsf@rubin.avci.de>
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

* Dieter Kluenter <dieter@dkluenter.de>:
> Gildas Bayard <gildas.bayard@hds.utc.fr> writes:
> 
> > Hello,
> >
> > I'm setting up a new ldap server on ubuntu server 8.04.3 LTS.
> > man slapd.conf encourages me into using SASL auth for rootdn instead
> > of setting the rootpw parameter in slapd.conf.
> >
> > So I created a user in sasldb with saslpasswd2. sasldblistusers2 give me
> > admin@coruscant: userPassword which is what is expected.
> > But then I see that the password there is in plain text so I don't
> > really get the advantage of using SASL then. So I decide to use
> > saslauthd instead (which in turn will use pam by default).
> 
> Why do you want to use saslauthd and sasldb to authenticate rootdn
> against slapd? And why do you complain about plaintext passwords in
> sasldb? How else could you response to a challenge based on a shared
> secret? 
> 
> > My problem is that I could not find how to tell openldap to use
> > saslauthd instead of sasldb.
> [...]
> 
> Because in most cases a ldap server maintains its own user database
> and password storage. Basics on how to implement SASL you can find in
> the Admin Guide
> http://www.openldap.org/doc/admin24/sasl.htm

I pretty much gave Gildas the same answer on the Cyrus SASL mailing list ...

p@rick



-- 
state of mind
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15	   Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666

Amtsgericht München        Partnerschaftsregister PR 563

Follow-Ups:
- Re: LDAP and SASL problem
  - From: Gildas Bayard <gildas.bayard@hds.utc.fr>

References:
- LDAP and SASL problem
  - From: Gildas Bayard <gildas.bayard@hds.utc.fr>
- Re: LDAP and SASL problem
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: LDAP and SASL problem
Next by Date: Re: tls init def ctx failed: -1 with my cacert signed certs
Index(es):
- Chronological
- Thread