Seau Yeen Su wrote:
- Yes, i am talking about SASL bind with password-based mechs. What do
you mean by in-directory passwords? Where are the in-directory passwords stored? How do i set userPassword attributes?
The userPassword attribute is an attribute like any other attribute within the user's directory entry.
See entry
- Again, what do you mean by the directory?
Well, simply your LDAP server with the database.
- Can you give an example of slapd.conf with configuration for a
digest-MD5 SASL authenticaion method? I am pretty lost now. All that you mention i have read before but i just don't know how to piece them all together.
Well, I don't want to be rude but you should probably do some more reading. I've attached a tar.gz with a testbed configuration I've prepared for SASL testing with the CAS SSO project. But judging from some of your questions it seems you might also be lost with this.
For, eg, if i set rootpw to admin, the password i provide when ldap prompts for password, should be "admin"?
Yes, then the password is simply "admin" and you should be able to use SASL/DIGEST-MD5 bind.
- What do you mean by grant access to users? Can you please explain more?
You should read about access control: http://www.openldap.org/doc/admin24/access-control.html http://www.openldap.org/faq/data/cache/189.html
Ciao, Michael.