On 11/17/15 18:38 +0100, Simone Piccardi wrote:
I'm trying to understand which values I can use for the sasl-auxprop directives and how to configure (if possible) sasl/slapd.conf.
That's a lot more painful to determine than it should be. Do:
# cat > <path>/sasl/pluginviewer.conf << EOF
ldapdb_uri: ldapi:///
sql_select: select foo from bar
EOF
# pluginviewer -a
Installed and properly configured auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , API version: 8
    supports store: yes
On Debian based systems, use saslpluginviewer.
To this list, add 'slapd', which is the internal auxprop plugin, and subtract ldapdb, which should not be used within the slapd server.
I was trying to use the users created with slappasswd2 -c (as written in the Administration guide) but no sasldb file was opened by the server (I straced out a full session). I tried to put an explicit configuration in sasl/slapd.conf, and stracing the server I saw it was opened and read, but the configuration inside is just ignored.
The auxprop_plugin configuration parameter is ignored. Most/all other config statements will be honored.
Reading the manpage I found it says that sasl-auxprops "Specify which auxprop plugins to use for authentication lookups." and that the default is to use the slapd internal support.
But I did not define this one, and sasl/slapd.conf still seems to be ignored. And no possible values for the available plugins to use as sasl-auxprops parameter are listed.
If you wish to use the sasldb database, specify the 'sasldb' auxprop plugin (via sasl-auxprops/olcSaslAuxprops), and maintain your authentication database with saslpasswd2.
I could get DIGEST-MD5 authentication working by putting the password inside the server (userPassword in CLEARTEXT), so it seems that the default is used anyway. But I'd like to have it working using sasldb or configuring sasl/slapd.conf to use saslauthd.
pwcheck_method is honored within sasl/slapd.conf.
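Added example, not part of the original message: a shell helper that applies the rule given above (take the plugins reported by pluginviewer -a, add 'slapd', drop 'ldapdb') to produce the candidate values for sasl-auxprops/olcSaslAuxprops. The function names are hypothetical, and the sample output is constructed, assuming a host where the ldapdb and sql plugins are also installed.

```shell
#!/bin/sh
# Added example. Reads `pluginviewer -a` output on stdin and prints the
# auxprop plugin names that are candidates for slapd's sasl-auxprops setting.
slapd_auxprop_candidates() {
    {
        # Plugin names appear on lines of the form: Plugin "name" , API version: N
        sed -n 's/^Plugin "\([^"]*\)".*/\1/p'
        # slapd's internal auxprop plugin is never listed by pluginviewer.
        echo slapd
    } | grep -v -x 'ldapdb' | LC_ALL=C sort -u   # ldapdb must not be used inside slapd
}

# Constructed sample output (not captured from a real host).
sample_output() {
cat <<'EOF'
Installed and properly configured auxprop mechanisms are:
sasldb ldapdb sql
List of auxprop plugins follows
Plugin "sasldb" , API version: 8
    supports store: yes

Plugin "ldapdb" , API version: 8
    supports store: yes

Plugin "sql" , API version: 8
    supports store: yes
EOF
}

# Stand-alone run on the constructed sample.
sample_output | slapd_auxprop_candidates
```

On a real host, pipe the tool's output in directly: pluginviewer -a | slapd_auxprop_candidates (saslpluginviewer on Debian based systems).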