replacing simple auth in slapd with saslauthd
Hello,
I try to replace simple auth in slapd with saslauthd.
So far everything is in place and works as expected.
I installed and configured saslauthd.
and a
/usr/sbin/testsaslauthd -p xxxxx -u xxxxxxx
works without any problems
I added the ldap user to the sasl group so it can read and write to /var/run/saslauthd/mux
sasl works too
kinit username
followed by a ldapwhoami works
I put into
/usr/lib/sasl2/slapd.conf :
#####
pwcheck_method: saslauthd
#####
I also tried to put sasld.conf int /etc/ldap/sasl2/
all to no avail.
if I use simple authentication like in
ldapsearch -x -W ....
it still uses the internal ldap password authentication, not the sasl method
ah yes a
ldapsearch -LLL -s base -b "" -x supportedSaslMechanisms
dn:
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
lists both Plain and login as sasl methods, so that should work.
also if you put into
/etc/ldap/ldap.conf
....
SASL_MECH LOGIN
....
and make a ldapsearch -W ...
then it uses saslauthd.
How can I make slapd use saslauthd instead of the internal password authentication?
Thanks
Henning
--
Henning Follmann | hfollmann@itcfollmann.com
it consultant | www.itcfollmann.com
Reply to: