On 09/08/10 14:52 -0700, Howard Chu wrote:
Dan White wrote:On 09/08/10 16:56 +0800, LI Ji D wrote:Hi, My problem is that I expect slapd to authenticate with the password stored in sasldb. But it's not, it uses the password stored in userpassword attribute of this user which is a item of openldap. So I want to know, how can slapd use password stored in sasldb to do the sasl authentication.I attempted to do this as well and failed. Setting auxprop_plugin to sasldb did not provide the expected response. Regardless of whether I set it to slapd or sasldb, the server authenticates my digest-md5 sasl bind using the internal slapd plugin. I recommend you file a bug report.File the bug with the correct people. OpenLDAP doesn't do anything in particular with SASL configuration. If you can't get the desired behavior by setting the SASL config file, then file a bug against Cyrus SASL.
It does! for auxprop_plugin, and auxprop_plugin only. After some digging I found the insertion of a SASL_CB_GETOPT function which replaces whatever auxprop_plugin value is found in the sasl config file with the sasl-auxprops openldap config option, or defaults to 'slapd' if no sasl-auxprops is defined. It's perfectly documented in the slapd.conf man page... just never occurred to me to look. LI, setting: sasl-auxprops sasldb within the openldap slapd.conf works for me. -- Dan White