To clarify one point:

On Tue, Dec 12, 2006 at 12:51:27PM -0500, Adam Williams wrote:
> > User Agent ---- zope site ---- LDAP
[...]
>
> > Oh, and do you need to create the accounts through the site or is an
> > offline tool acceptable?
>
> Eh? What are you talking about? Accounts are in LDAP, who cares how
> you create them. If the accounts are not in LDAP then what are we
> talking about?
>
> > One cannot, to my knowledge, create the secrets
> > for file-based SASL c/r authentication through the LDAP.
>
> Don't use file-based SASL secrets. Put them in the Dit. SASL secrets
> in a file are a PITA - you have to back them up, replicate them, etc...
> And since you have an LDAP server sitting there...

The starting point of this discussion was how to use SASL authentication in OpenLDAP because Digest-MD5 or some such authentication mechanism was desired. To my knowledge, you just can't keep the required secrets for that in the DIT. You would have to fall back to password authentication. Thus we arrive at the admittedly insane situation of keeping accounts in the DIT but secrets for authentication in an external file (which needs to be managed somehow).
