2010/1/22 Michael Kindermann <[email protected]>:
> Hello,
>
> I'm trying to lsc-sync an OpenLDAP (standard Debian lenny package) from
> Active Directory. The slapd uses SASL authentication by default.
> Might I have a problem with the SASL authentication on OpenLDAP?
> If yes, does that mean I can't use a standard lenny package with LSC and have to
> compile my own without SASL? Which authentication mechanisms are
> available in LSC?
>
> Regards
> Michael
>
> Michael Kindermann
> System Administrator
>
Hi,

In fact, even if your OpenLDAP server supports SASL authentication,
LDAP entries store information on how to resolve authentication. For
example, if your users are authenticated on OpenLDAP via the SASL
mechanism to Active Directory, in their userPassword attribute they
should have a value in clear text like "{sasl}[email protected]". If
the synchronisation breaks these values (by overwriting them), then
users wouldn't be able to authenticate themselves via SASL.

So, you have to create a synchronisation task which will take care of
the userPassword attribute.

For example, in your general synchronisation task, you could force
the userPassword attribute to be created as you want. Another
solution could be to not synchronize the userPassword if your users
already exist in your OpenLDAP directory.

To be clear, you can do whatever you want on data during LSC
synchronisation. We are just talking about data synchronization, and no
authentication mechanisms are involved because they depend on the LDAP
directory you use. So, if you want to respect a specific
authentication mechanism, you should build it during sync :)

I hope I could help you,
Thomas.
--
Thomas Chemineau
LemonLDAP::NG - http://lemonldap.ow2.org
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
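
The two userPassword options from the reply above (force the value, or leave existing entries alone), sketched as an added example that is not part of the original thread and is not LSC code or configuration. The entry objects, the realm `EXAMPLE.COM`, the mode names and the function names are assumptions made for illustration.

```javascript
// Added example (not LSC code). Entry objects, the realm and the mode names
// "force" / "keepExisting" are assumptions made for this illustration.
const SASL_PREFIX = /^\{sasl\}/i; // case-insensitive: the post writes "{sasl}"

function isSaslPassThrough(value) {
  return typeof value === "string" && SASL_PREFIX.test(value);
}

// True when writing `planned` over `dst` would drop a {SASL} pass-through
// value, which is the breakage the reply warns about.
function wouldBreakSasl(dst, planned) {
  const current = (dst && dst.userPassword) || [];
  return current.some(isSaslPassThrough) && !planned.some(isSaslPassThrough);
}

// Compute the userPassword values to write on the destination entry.
//   src  : entry read from Active Directory
//   dst  : existing OpenLDAP entry, or null if it has to be created
//   mode : "force"        -> always set the {SASL} value
//          "keepExisting" -> set it on creation only, never touch existing
function planUserPassword(src, dst, realm, mode) {
  const wanted = ["{SASL}" + src.sAMAccountName + "@" + realm];
  if (dst === null) return { action: "create", values: wanted };
  const current = dst.userPassword || [];
  if (mode === "keepExisting") return { action: "keep", values: current };
  if (mode !== "force") throw new Error("unknown mode: " + mode);
  const same = current.length === 1 && current[0] === wanted[0];
  return { action: same ? "keep" : "replace", values: same ? current : wanted };
}

// Constructed sample data.
const REALM = "EXAMPLE.COM";
const adUser = { sAMAccountName: "jdoe" };
const existing = { uid: "jdoe", userPassword: ["{SASL}jdoe@EXAMPLE.COM"] };
const localHash = { uid: "svc", userPassword: ["{SSHA}constructedPlaceholder"] };

console.log(planUserPassword(adUser, null, REALM, "keepExisting"));
console.log(planUserPassword(adUser, existing, REALM, "force"));
console.log(wouldBreakSasl(existing, ["plainTextFromSource"]));
```

Running `wouldBreakSasl` over each planned modification before it is applied flags any write that would replace a pass-through value with something else.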