
Re: openldap+sasl confusion



Hi,

Thanks for the documents. I seriously need more documentation to read but it's a bit hard to find useful documents. Let me go through them first. 

2009/6/29 Michael Ströder <michael@stroeder.com>
Seau Yeen Su wrote:
>
> 1. Yes, I am talking about SASL bind with password-based mechs. What do
> you mean by in-directory passwords? Where are the in-directory passwords
> stored?  How do I set userPassword attributes?

The userPassword attribute is an attribute like any other attribute
within the user's directory entry.

See entry

> 2. Again, what do you mean by the directory?

Well, simply your LDAP server with the database.

> 3. Can you give an example of slapd.conf with configuration for a
> digest-MD5 SASL authentication method? I am pretty lost now. All that you
> mention I have read before but I just don't know how to piece them all
> together.

Well, I don't want to be rude but you should probably do some more
reading. I've attached a tar.gz with a testbed configuration I've
prepared for SASL testing with the CAS SSO project. But judging from
some of your questions it seems you might also be lost with this.

> For, e.g., if I
> set rootpw to admin, the password I provide when ldap prompts for
> password, should be "admin"?

Yes, then the password is simply "admin" and you should be able to use
SASL/DIGEST-MD5 bind.

> 5. What do you mean by grant access to users? Can you please explain more?

You should read about access control:
http://www.openldap.org/doc/admin24/access-control.html
http://www.openldap.org/faq/data/cache/189.html

Ciao, Michael.



--
Warmest Regards,
Seau Yeen
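
For question 3 in the thread above, a minimal slapd.conf fragment for SASL/DIGEST-MD5 binds against in-directory passwords. This is an added example, not part of the original messages and not the testbed configuration Michael attached; the suffix dc=example,dc=com, the ou=people layout and the cn=admin rootdn are assumptions.

```conf
# slapd.conf fragment (constructed example; all DNs below are assumptions)

# DIGEST-MD5 is a shared-secret mechanism: the server needs the cleartext
# password, so userPassword values must be stored unhashed.
# Note: DIGEST-MD5 was moved to Historic status by RFC 6331.
password-hash   {CLEARTEXT}

# Keep anonymous and plaintext-password SASL mechanisms disabled.
sasl-secprops   noanonymous,noplain

# A SASL/DIGEST-MD5 bind without a realm arrives as
#   uid=<user>,cn=digest-md5,cn=auth
# and has to be mapped to a real entry. The first matching rule wins.
authz-regexp
    uid=admin,cn=digest-md5,cn=auth
    cn=admin,dc=example,dc=com
authz-regexp
    uid=([^,]*),cn=digest-md5,cn=auth
    uid=$1,ou=people,dc=example,dc=com

database        mdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap
rootdn          "cn=admin,dc=example,dc=com"
# Cleartext rootpw, as in the thread: the password typed at the prompt
# is then simply "admin". Use a strong value outside a testbed.
rootpw          admin

# Because the passwords are stored in cleartext, nobody may read them:
# the owner may change the value, binds may authenticate against it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else: authenticated users may read, anonymous gets nothing.
access to *
    by users read
    by * none
```

With this in place, `ldapwhoami -Y DIGEST-MD5 -U admin` should report the mapped DN after the password prompt.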