replacing simple auth in slapd with saslauthd

To: debian-user@lists.debian.org
Subject: replacing simple auth in slapd with saslauthd
From: Henning Follmann <hfollmann@itcfollmann.com>
Date: Sun, 23 Sep 2007 16:03:20 -0400
Message-id: <[🔎] 20070923200320.GA6803@newton.itcfollmann.com>

Hello,
I try to replace simple auth in slapd with saslauthd.
So far everything is in place and works as expected.
I installed and configured saslauthd.
and a 
/usr/sbin/testsaslauthd -p xxxxx -u xxxxxxx
works without any problems
I added the ldap user to the sasl group so it can read and write to /var/run/saslauthd/mux
sasl works too
kinit username
followed by a ldapwhoami works
I put into
/usr/lib/sasl2/slapd.conf :
#####
pwcheck_method: saslauthd
#####
I also tried to put sasld.conf int /etc/ldap/sasl2/

all to no avail.
if I use simple authentication like in
ldapsearch -x -W ....
it still uses the internal ldap password authentication, not the sasl method

ah yes a 
ldapsearch -LLL -s base -b "" -x supportedSaslMechanisms
dn:
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5

lists both Plain and login as sasl methods, so that should work.
also if you put into 
/etc/ldap/ldap.conf
....
SASL_MECH LOGIN
....
and make a ldapsearch -W ...
then it uses saslauthd.

How can I make slapd use saslauthd instead of the internal password authentication?

Thanks
Henning



-- 
Henning Follmann           | hfollmann@itcfollmann.com
it consultant              | www.itcfollmann.com

Reply to:

Prev by Date: Re: SELinux Suggestion
Next by Date: Re: ls sort order: new, bad, behaviour
Previous by thread: Re: Etch-backports and gpg problems (SOLVED)
Next by thread: Is there a GNOME 2.20 theme available?
Index(es):
- Date
- Thread