Howard Chu wrote, On 2011-11-14 16:15:
Chris Lee wrote:
Dear all,
I am a newbie to OpenLDAP.
I would like to know whether OpenLDAP can interface with other authentication methods. For example, fingerprint authentication.
OpenLDAP relies on SASL for pluggable authentication mechanisms. Since SASL is extensible, new mechs should just be implemented there (which thus allows them to be used by any other applications that are also SASL-enabled, such as IMAP servers or whatever...)
On 14/11/11 18:19 +0800, Chris Lee wrote:
Dear Howard,
If the fingerprint authentication provides an API, can it be invoked from OpenLDAP, and how?
Thanks in advance for all your help.
You could implement a new SASL (RFC 4422) mechanism by creating a new shared library within the Cyrus SASL code, which would then be usable via slapd, and any other software which links against Cyrus.
For Cyrus SASL developer documentation, see:
http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/plugprog.php
http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/programming.php
The implementation would not require any changes to the OpenLDAP code. It would be invoked by specifying the new mechanism - e.g. via the '-Y' option when using the OpenLDAP client utilities.
You can direct any additional questions to the cyrus-sasl mailing list at:
http://www.cyrussasl.org/mediawiki/index.php/Cyrus_Mailing_Lists
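
Added example, not part of the original thread and not OpenLDAP or Cyrus SASL code: the reply above says a new mechanism needs no OpenLDAP changes, and the reason is visible on the wire, where an LDAP BindRequest (RFC 4511) carries the SASL mechanism as a plain string next to opaque credentials. The sketch below encodes such a request and reads the mechanism back out, as a server or a monitoring tool would; the mechanism name `X-FINGERPRINT` is hypothetical and the sample input is constructed.

```python
import re

# RFC 4422 section 3.1: a mechanism name is 1 to 20 chars of A-Z, 0-9, '-' and '_'.
MECH_RE = re.compile(r"[A-Z0-9_-]{1,20}")
EXAMPLE_MECH = "X-FINGERPRINT"  # hypothetical name, not a registered mechanism

def tlv(tag, body):
    """Encode one BER element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    n = first
    if first & 0x80:  # long form: low bits give the number of length bytes
        k = first & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def sasl_bind_request(msg_id, mech, creds=None):
    """Build an LDAPv3 BindRequest that selects a SASL mechanism by name."""
    if not MECH_RE.fullmatch(mech) or not 0 < msg_id < 128:
        raise ValueError("bad mechanism name or message id")
    sasl = tlv(0x04, mech.encode("ascii"))  # mechanism LDAPString
    if creds is not None:
        sasl += tlv(0x04, creds)  # credentials: opaque to LDAP itself
    bind = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0xA3, sasl)  # version, DN, sasl [3]
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def bind_mechanism(pdu):
    """Return the SASL mechanism named in a BindRequest, or None if it is not a SASL bind."""
    tag, msg, _ = read_tlv(pdu, 0)
    _, _, pos = read_tlv(msg, 0)  # skip messageID
    op, bind, _ = read_tlv(msg, pos)
    if tag != 0x30 or op != 0x60:
        raise ValueError("not an LDAP BindRequest")
    _, _, pos = read_tlv(bind, 0)  # skip version
    _, _, pos = read_tlv(bind, pos)  # skip name (bind DN)
    choice, auth, _ = read_tlv(bind, pos)
    if choice != 0xA3:  # e.g. 0x80 is simple (password) authentication
        return None
    return read_tlv(auth, 0)[1].decode("ascii")
```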