[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I cannot auth against SASL

To: Dieter Kluenter <dieter@dkluenter.de>, openldap-technical@openldap.org
Subject: Re: I cannot auth against SASL
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 30 Jun 2011 14:12:05 -0700
Content-disposition: inline
In-reply-to: <20110630222216.017687e8@rubin.avci.de>
References: <BANLkTimndG+qXrgcWU9O20qQNm6mz3Ew4A@mail.gmail.com> <20110630222216.017687e8@rubin.avci.de>

--On Thursday, June 30, 2011 10:22 PM +0200 Dieter Kluenter<dieter@dkluenter.de> wrote:

Frankly, I don't understand what you are trying to do.
You either bind by means of simple bind (which is DN and password), or
by a sasl based strong bind. In order to use a strong bind you have
several choices, either openldap's own sasl framework or an external
mechanism that provides authentication.
In order to use SASL authentication by means of openldap's sasl
framework i.e. password and uid based credentials, the stored
userPassword attribute value has to be cleartext, otherwise it is not
possible to create an apropriate challenge.

Not true with SASL/GSSAPI. In that case, there should be *no* userPasswordattribute at all.


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- I cannot auth against SASL
  - From: Friedrich Locke <friedrich.locke@gmail.com>
- Re: I cannot auth against SASL
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: I cannot auth against SASL
Next by Date: userPassword
Index(es):
- Chronological
- Thread