Da Rock wrote:
On Thu, 2009-04-02 at 09:59 +0200, Buchan Milne wrote:
On Wednesday 01 April 2009 10:44:56 Da Rock wrote:
On Wed, 2009-04-01 at 01:48 +0200, Michael Ströder wrote:
Da Rock wrote:
so I'm trying to work out how to set up the system to do a simple bind
ldapsearch -x -D <bind-DN>
I know that, thanks, but this is affecting other apps from obtaining data from the system. I can also just go ldapsearch -x for anonymous. It appears I'm all in or bust! Unless I can set it up so apps can do simple bind...
If you can do a simple bind (anonymous, or authenticated), there (in most cases) is nothing preventing other applications from doing simple binds. Having SASL support compiled in to the server does not prevent other applications from doing simple binds.
Maybe you should provide more information about the applications in question, and how they are configured.
(Note: In the past Apple's LDAP client software for Mac OS seems to use whichever SASL mechanisms are advertised by the LDAP server, but this again isn't about SASL support being compiled in or not).
That's what I would have figured, yet I get no joy, nothing I can see out of the ordinary in the logs, and all the apps are auth types (courier, pam, postfix) - plus records for bind.
Bind doesn't bind to the ldap, and I'm trying to set up the others to do the same. Obviously, courier has to bind to confirm auth - but only as the user (not bind as courier, then again as the user).
Bind works: tested that myself. The others fail miserably.
I'm not entirely sure what else I need to add exactly; the platform is FreeBSD with OpenLDAP built with SASL from ports.
Before anyone suggests it, I already have a mail server running (postfix, courier); I want ldap as lookup source to ease administration. The pam is completely new to me, I'm following a lot of howtos on the web to compile a picture of how it all works.
Now as to pam, I thought it must be my ineptitude in configuration, so I put it on hold and moved to something easier. Unfortunately I hit a similar snag there with the imap auth, hence I looked at the ldapsearch angle. Seems I could be wrong there based on comments received....
Sorry, nothing in your postings gives enough information to help you.
Posting *relevant* excerpts of configuration and log files and some more information about the client applications is quite helpful.
Ciao, Michael.