Dear list,
First of all, thank you for all the comments on this problem.
It seems currently the ldap implementation of evolution is blamed, which is something I cannot agree with.
At this moment, I can connect to my ldap server from Evolution, authenticated. I have to enter a username and a password in my evo settings, which one way or another is communicated to openldap, which then checks this un/pw combo and considers it valid to give the information.
So from my pov, the combination evo/openldap is working, and they are communicating well. So in that respect evo is not the problem here, as it supports at least one protocol to communicate authentication credits to openldap.
Now basically the problem is that ldap is using the wrong authentication type. Wrong as in not the one that I want it to use. It is using its own, internal authentication - this I want to change to an external system. It seems I need something like you guys call 'pass-through authentication'. And what I learnt over the last year or so when I looked more into this and related matters, Linux provides sasl and pam as general authentication libs, designed exactly for this purpose. Sasl and pam can even talk to each other.
It seems openldap supports sasl for this purpose, great. Today I don't have time but over the weekend or next week I'm simply going to dig into it again and see what happens. I have the idea I'm close to getting it to work, just some small bits and pieces.
And then the next step is going to be tls, which for some reason also refuses to work for me :(
Wouter.
On Thu, 2010-09-09 at 19:41 +0200, Dieter Kluenter wrote:
Wouter van Marle <wouter@squirrel-systems.com> writes:
On 9 Sep 10, at 21:47, Dan White wrote:
On 09/09/10 12:47 +0800, Wouter van Marle wrote:
[...]
Most important difference is that pam is not mentioned here. But then from other mails I understand that slapd only wants to use saslauthd and not pam.
[...]
No, slapd doesn't want saslauthd, nor pam, it is just a hack. Please do not use saslauthd authentication agent in a kerberized environment. Make use of proper native sasl mechanism.
-Dieter