Asimananda Mohanty wrote:Generally that's a bad idea, since it exposes all of your SASL passwords to anyone who can access that machine or filesystem. Instead you should just make sure that slapd is running as a user that belongs to the same group as the sasldb file, or is the owner of the file.
I just changed the permission level of /etc/sasldb2 from 640 to 644 and
the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
uid=asimananda" started working fine.
And of course, the better approach when using SASL is not to use a sasldb file at all, and just store the SASL secrets in the LDAP directory.
I have one more doubt. The above command works fine and accepts password
too but when I changed the option "-b" to "-D", it stopped working. I
read somewhere that -D should not be used with SASL. I am bit confused
about the same.
Thanks for being so helpful.
On Mon, Aug 31, 2009 at 6:59 PM, Matt Kassawara <email@example.com<mailto:firstname.lastname@example.org>> wrote:
I recommend reading section 15.2.3 through 15.2.6 of the OpenLDAP
2.4 administrator's guide.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/