How may i know i setted SASL/GSSAPI correctly ?
Here is how i executed saslauthd:
saslauthd -a kerberos5 -cd -t 60 -n 2 -s 128
Here is a test:
sioux@gustav$ testsaslauthd -u sioux -p XYZ 0: OK "Success." sioux@gustav$
Is there something more i need to do ?
Thanks.
On Tue, Jun 28, 2011 at 3:04 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Tuesday, June 28, 2011 3:02 PM -0300 Friedrich Locke friedrich.locke@gmail.com wrote:
Sorry folks,
please forgive me, i forgot to let you know i am using kerberos (SASL); so i bind via sasl mechanism not as the dn owned by me.
Thanks once more for your help.
If you have correctly set up SASL/GSSAPI, then when someone binds, they are mapped to their DN in the database, and the access rules I reported would work correclty.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--On Tuesday, June 28, 2011 3:10 PM -0300 Friedrich Locke friedrich.locke@gmail.com wrote:
How may i know i setted SASL/GSSAPI correctly ?
Here is how i executed saslauthd:
saslauthd -a kerberos5 -cd -t 60 -n 2 -s 128
Here is a test:
sioux@gustav$ testsaslauthd -u sioux -p XYZ 0: OK "Success." sioux@gustav$
Is there something more i need to do ?
I suggest you read the manual pages that ship with slapd, in particular the bits about authz-regexp, and use ldapsearch -Y GSSAPI to test the mappings.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Am Tue, 28 Jun 2011 15:10:00 -0300 schrieb Friedrich Locke friedrich.locke@gmail.com:
How may i know i setted SASL/GSSAPI correctly ?
Here is how i executed saslauthd:
saslauthd -a kerberos5 -cd -t 60 -n 2 -s 128
Here is a test:
sioux@gustav$ testsaslauthd -u sioux -p XYZ 0: OK "Success." sioux@gustav$
Is there something more i need to do ?
[...]
Do not use saslauthd, just make use of openldap's own SASL framework.
-Dieter
Hey,
On Wed, Jun 29, 2011 at 4:41 AM, Dieter Kluenter dieter@dkluenter.de wrote:
Am Tue, 28 Jun 2011 15:10:00 -0300 schrieb Friedrich Locke friedrich.locke@gmail.com:
How may i know i setted SASL/GSSAPI correctly ?
Here is how i executed saslauthd:
saslauthd -a kerberos5 -cd -t 60 -n 2 -s 128
Here is a test:
sioux@gustav$ testsaslauthd -u sioux -p XYZ 0: OK "Success." sioux@gustav$
Is there something more i need to do ?
[...]
Do not use saslauthd, just make use of openldap's own SASL framework.
How ? Woud you mind clarifying me ?
-Dieter
-- Dieter Klünter | Systemberatung sip: 7770535@sipgate.de http://www.dpunkt.de/buecher/2104.html GPG Key ID:8EF7B6C6
Am Wed, 6 Jul 2011 21:15:59 -0300 schrieb Friedrich Locke friedrich.locke@gmail.com:
Hey,
On Wed, Jun 29, 2011 at 4:41 AM, Dieter Kluenter dieter@dkluenter.de wrote:
Am Tue, 28 Jun 2011 15:10:00 -0300 schrieb Friedrich Locke friedrich.locke@gmail.com:
How may i know i setted SASL/GSSAPI correctly ?
Here is how i executed saslauthd:
saslauthd -a kerberos5 -cd -t 60 -n 2 -s 128
Here is a test:
sioux@gustav$ testsaslauthd -u sioux -p XYZ 0: OK "Success." sioux@gustav$
Is there something more i need to do ?
[...]
Do not use saslauthd, just make use of openldap's own SASL framework.
How ? Woud you mind clarifying me ?
http://www.openldap.org/doc/admin24/sasl.html
-Dieter
On Tue, Jun 28, 2011 at 03:10:00PM -0300, Friedrich Locke wrote:
How may i know i setted SASL/GSSAPI correctly ?
Use ldapwhoami - authenticate with your chosen SASL mechanism, and it will tell you what your effective DN is.
Andrew
openldap-technical@openldap.org
-
Andrew Findlay -
Dieter Kluenter -
Friedrich Locke -
Quanah Gibson-Mount