Arturo 'Buanzo' Busleiman writes:

Larry Moore wrote:
It would be nice if the LDAP authentication would use SASL built into
OpenLDAP instead of 'simple authentication' as I have Kerberos working.

Sam, whenever you want to implement that, please let me know, I'd be more than happy to test everything on my domain.

Well, if OpenLDAP would actually have decent documentation, then I would. The existing documentation, well, isn't.

The existing courier-authlib code already invokes ldap_sasl_bind_s(), but here's the direct quote from the man page for ldap_sasl_bind:

SASL AUTHENTICATION
      Description still under construction…

And the only reason that ldap_sasl_bind_s() is already used is because in the current openldap build all other authentication functions are deprecated. So they tell you to use ldap_sasl_bind, but don't document it yet. A rather lovely state of affairs. Google search actually finds a better set of /IBM/'s documentation for the various LDAP functions, which tell me that specifying the SASL authentication mechanism as NULL gives me the default simple authentication -- which seems to work with openldap. And that's the only reason LDAP authentication works now: because of IBM's documentation. IBM's documentation also lists some real, predefined, SASL mechanisms, yet openldap's header files have no mention of them.




_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
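
What the mechanism argument discussed in the message selects on the wire, as an added example that is not part of the original post and is not courier-authlib or OpenLDAP code: a minimal C encoder for the RFC 4511 BindRequest. With a NULL mechanism the request carries the simple choice, with the password bytes in the message itself, while a named mechanism produces the SASL choice with a mechanism name and token. The function name `encode_bind`, the DN and the credentials are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append one BER TLV; short-form length only, so len must stay below 128. */
static size_t tlv(unsigned char *out, unsigned char tag, const void *val, size_t len)
{
    out[0] = tag;
    out[1] = (unsigned char)len;
    memcpy(out + 2, val, len);
    return 2 + len;
}

/* Encode an RFC 4511 BindRequest (LDAPv3, messageID 1) into out (>= 128 bytes).
 * mech == NULL: simple bind, authentication is [0] carrying the password itself.
 * mech != NULL: SASL bind, authentication is [3] { mechanism, credentials }.
 * cred must be non-NULL. Returns the length, or 0 if the inputs are too long. */
size_t encode_bind(unsigned char *out, const char *dn, const char *mech,
                   const void *cred, size_t credlen)
{
    unsigned char sasl[128], op[128], msg[128];
    const unsigned char one = 1, three = 3;
    size_t n, oplen, mlen;

    if (strlen(dn) + (mech ? strlen(mech) : 0) + credlen > 100)
        return 0;
    oplen  = tlv(op, 0x02, &three, 1);                    /* version 3 */
    oplen += tlv(op + oplen, 0x04, dn, strlen(dn));       /* name: the bind DN */
    if (mech == NULL) {
        oplen += tlv(op + oplen, 0x80, cred, credlen);    /* simple [0] */
    } else {
        n  = tlv(sasl, 0x04, mech, strlen(mech));         /* mechanism name */
        n += tlv(sasl + n, 0x04, cred, credlen);          /* mechanism token */
        oplen += tlv(op + oplen, 0xA3, sasl, n);          /* sasl [3] */
    }
    mlen  = tlv(msg, 0x02, &one, 1);                      /* messageID 1 */
    mlen += tlv(msg + mlen, 0x60, op, oplen);             /* BindRequest */
    return tlv(out, 0x30, msg, mlen);                     /* LDAPMessage */
}

int main(void)
{
    unsigned char buf[128];
    /* Constructed sample DN and password, not taken from the post. */
    size_t i, n = encode_bind(buf, "cn=u,dc=example,dc=org", NULL, "hunter2", 7);
    for (i = 0; i < n; i++)
        printf("%02x%c", buf[i], i + 1 == n ? '\n' : ' ');
    return 0;
}
```

The hex dump of the simple bind ends with the password bytes verbatim, so a simple bind is only as confidential as the transport it runs over.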