Benjamin Smee wrote: >>Chris S wrote: >> >>>Hi all, >>> >>>Quick (hopefully) question: >>>If I'm setting up a server to authenticate everything via ldap, do I >>>need sasl? Yes > > > You don't NEED sasl for ldap related authentication at all. The issue is more > that a lot of things, eg cyrus / postfix can use sasl layers to talk to ldap, > eg cyrus-sasl provides saslauthd which is how cyrus would talk to your ldap > server for authentication / authorization information. This is also true of > ldap clients that can also use sasl to auth to the ldap server using mechs > like cram / digest. This is very theoretical. As a matter of fact you will not be able to build openldap without SASL and AFAIK it's part of the LDAPv3 spec (digest-md5 or cram-md5). > > >>>I thought sasl, apart from being a security layer, was another db to >>>hold users? It's mostly a security layer and apart from the security layer plugins you'll have some for persistent storage like mysql, ldap and sasldb. It wouldn't make much sense without storing passwords somewhere right?
cheers Paul -- [email protected] mailing list
