[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: sasl-auxprop (and sasl/slapd.conf)
On 11/17/15 18:38 +0100, Simone Piccardi wrote:
I'm trying to understand which values I can use for the sasl-auxprop
directives and how to configure (if possible) sasl/slapd.conf.
That's a lot more painful to determine than it should be. Do:
# cat > <path>/sasl/pluginviewer.conf << EOF
ldapdb_uri: ldapi:///
sql_select: select foo from bar
EOF
# pluginviewer -a
Installed and properly configured auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , API version: 8
supports store: yes
On Debian based systems, use saslpluginviewer.
To this list, add 'slapd', which is the internal auxprop plugin, and
subtract ldapdb, which should not be used within the slapd server.
I was trying to use the users created with slappasswd2 -c (as written in
the Administration guide) but no sasldb file was open by the server (I
straced out a full session). I tried to put an explicit configuration in
sasl/slapd.conf, and stracing the server I saw it was open and read, but
the configuration inside is just ignored.
The auxprop_plugin configuration parameter is ignored. Most/all other
config statements will be honored.
Reading the manpage I found it says that sasl-auxprops "Specify which
auxprop plugins to use for authentication lookups." and that the default
is use the slapd internal support.
But I did not define this one, and sasl/slapd.conf still seems to be
ignored. And no possible values for the available plugins to use as
sasl-auxprops parameter are listed.
If you wish to use the sasldb database, specify the 'sasldb' auxprop plugin
(via sasl-auxprops/olcSaslAuxprops), and maintain your authentication
database with saslpasswd2.
I could get DIGEST-MD5 authentication working putting the password inside
the server (userPassword in CLEARTEXT), so it seems that the default is
used anyway. But I'd like to have it working using using sasldb or
configuring sasl/slapd.conf to use saslauthd.
pwcheck_method is honored within sasl/slapd.conf.
--
Dan White