RE: Changing root password on OpenLDAP Problem
- From: Aleksandar Milivojevic <alex milivojevic org>
- To: nahant-list redhat com
- Subject: RE: Changing root password on OpenLDAP Problem
- Date: Thu, 13 Oct 2005 14:13:15 -0500
Quoting Rik Herrin <rikherrin yahoo com>:

> Kevin, Craig:
> Thanks. It seems to be working now (I'm still going to try out a few things). However, the solutions / suggestions you provided go around SASL authentication. How would I get it to work with SASL authentication in place? Thanks for your time...
The DN that you define via the rootdn/rootpw options is treated specially by slapd. It might have worked (maybe) with SASL if you used an {MD5} hash. Not sure. As I said, rootdn has very special treatment by slapd and it should not be used (as in removed from slapd.conf) once you have your LDAP database up and running. It's there just to bootstrap things and help you get out of deep s**t if you screw up something. Once you have your LDAP database bootstrapped, you should create a new admin DN that is defined inside the database itself, and then you can use whatever SASL mechanism you want with that new admin DN.
How to configure SASL is kinda broad. Very broad. It depends on what you want to do, and on whether your clients support SASL to begin with.

A couple of hints (none of which might be what you actually want).
You might need to use the sasl-regexp option to map SASL identities to LDAP DNs. For example, something like this (it might not work for you; it depends on how you organized your LDAP database):

    sasl-regexp
        uid=(.*),cn=foobar.com,cn=.*,cn=auth
        ldap://ou=people,dc=foobar,dc=com??sub?(uid=$1)
You might also want to create a /usr/lib/sasl2/slapd.conf file if you want slapd to check passwords using saslauthd or some other mechanism, just like you would, for example, use the Sendmail.conf file found in that same directory (you would then store '{SASL}user realm' in the userPassword attribute, and also configure and run saslauthd).
As I said, it all depends on what exactly you want to do. There are tons of documentation and howtos around. Google is going to be your best friend. A couple of links to get you started (you'll find much more if you google around, and probably more specific to your needs):

http://www.tldp.org/HOWTO/LDAP-HOWTO/
http://www.bayour.com/LDAPv3-HOWTO.html
http://www.ofb.net/~jheiss/krbldap/howto.html
Have fun,
Aleksandar Milivojevic
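The sasl-regexp mapping discussed in the message above, as an added stand-alone model (not OpenLDAP's code and not the poster's): it applies the rule from the message to a SASL authentication identity and produces either a literal DN or the LDAP search URL slapd would then have to resolve to exactly one entry. Anchoring the match to the whole identity, hex-escaping the substituted value, and treating a replacement that starts with `ldap:` as the URL form are this model's own assumptions.

```python
import re

# Added example (not OpenLDAP code): a small model of how a slapd sasl-regexp
# rule rewrites a SASL authentication identity into either a literal DN or an
# LDAP search URL. The rule is the one from the message above; anchoring the
# match to the whole identity and escaping the substituted value are this
# model's own defensive choices, not a statement about what slapd itself does.
SASL_REGEXP_RULES = [
    (r"uid=(.*),cn=foobar.com,cn=.*,cn=auth",
     "ldap://ou=people,dc=foobar,dc=com??sub?(uid=$1)"),
]

FILTER_SPECIALS = "*()\\\x00"   # RFC 4515: special inside a search filter
DN_SPECIALS = ",+\"\\<>;"       # RFC 4514: special inside a DN value
                                # (leading '#'/space handling omitted here)

def _escape(value: str, specials: str) -> str:
    # Hex-escape characters that would otherwise change the structure of the
    # generated filter or DN, e.g. '*' turning (uid=$1) into a wildcard match
    # or ',' in an identity smuggling an extra RDN into a generated DN.
    return "".join("\\%02x" % ord(c) if c in specials else c for c in value)

def map_sasl_identity(sasl_id: str, rules=SASL_REGEXP_RULES):
    """Return ('url', target) or ('dn', target) for the first matching rule,
    or None when no rule matches (the identity would then be left as is)."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, sasl_id)
        if m is None:
            continue
        is_url = replacement.startswith("ldap:")
        specials = FILTER_SPECIALS if is_url else DN_SPECIALS
        # Replace $1, $2, ... with the corresponding captured group, escaped.
        target = re.sub(r"\$(\d)",
                        lambda g: _escape(m.group(int(g.group(1))), specials),
                        replacement)
        return ("url" if is_url else "dn"), target
    return None

if __name__ == "__main__":
    # Constructed sample identities: a normal user, a wildcard attempt,
    # and a user from a realm the rule does not cover.
    for ident in ("uid=alice,cn=foobar.com,cn=DIGEST-MD5,cn=auth",
                  "uid=*,cn=foobar.com,cn=PLAIN,cn=auth",
                  "uid=bob,cn=other.org,cn=PLAIN,cn=auth"):
        print(ident, "->", map_sasl_identity(ident))
```

Passing a rule whose replacement is a plain DN (e.g. `uid=$1,ou=people,dc=foobar,dc=com`) exercises the DN branch with RFC 4514 escaping instead of filter escaping.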