---------- Forwarded message ----------
From: Michael Kindermann <[email protected]>
Date: 2010/1/25
Subject: AW: [lsc-users] sasl authentication with lsc
To: Thomas Chemineau <[email protected]>

Thank you Thomas,

I was on the wrong track. I thought I must use SASL for authentication during synchronisation. Now I figured out, I can also use simple authentication. Yes, I'm new to LDAP. Thanks for your answer, it made me see the tree in the forest.

Greets
Michael Kindermann

----
Michael Kindermann
Systemadministrator
Tel. 35

---------- Forwarded message ----------
From: "Thomas Chemineau" <[email protected]>
To: "Michael Kindermann" <[email protected]>
Date: Fri, 22 Jan 2010 14:43:04 +0100
Subject: Re: [lsc-users] sasl authentication with lsc

2010/1/22 Michael Kindermann <[email protected]>:
> Hello,
>
> I'm trying to lsc-sync an OpenLDAP (standard Debian lenny package) from
> Active Directory. The slapd uses SASL authentication by default.
> Might I have a problem with the SASL authentication on OpenLDAP?
> If yes, does that mean I can't use a standard lenny package with LSC and
> have to compile my own without SASL? Which authentication mechanisms are
> available in LSC?
>
> Regards
> Michael
>
> Michael Kindermann
> Systemadministrator
>

Hi,

In fact, even if your OpenLDAP server supports SASL authentication, LDAP entries store information on how to resolve authentication. For example, if your users are authenticated on OpenLDAP via a SASL mechanism to Active Directory, they should have a clear-text value like "{sasl}[email protected]" in their userPassword attribute.

If the synchronisation breaks these values (by overwriting them), then users wouldn't be able to authenticate themselves via SASL. So, you have to create a synchronisation task which will take care of the userPassword attribute. For example, in your general synchronisation task, you could force the userPassword attribute to be created as you want. Another solution could be not to synchronize the userPassword if your users already exist in your OpenLDAP directory.

To be clear, you can do whatever you want with the data during LSC synchronisation. We are just talking about data synchronization, and no authentication mechanisms are involved because they depend on the LDAP directory you use. So, if you want to respect a specific authentication mechanism, you should build it during sync :)

I hope I could help you,

Thomas.

--
Thomas Chemineau
LemonLDAP::NG - http://lemonldap.ow2.org

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
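The userPassword handling Thomas describes in the thread above, as an added example that is not part of the original messages and is neither LSC code nor LSC configuration syntax: ordinary attributes are overwritten from Active Directory, while userPassword is created once as a "{SASL}" pass-through value and left alone on existing entries. The function names, the synced attribute list, the realm EXAMPLE.ORG and the sample entries are constructed for illustration.

```python
# Added illustration: models the userPassword sync policy from the thread.
# This is not LSC code or LSC configuration syntax.
SASL_PREFIX = "{SASL}"  # scheme prefix that delegates the bind to SASL


def sasl_value(login, realm):
    """Build the pass-through value stored in userPassword."""
    return f"{SASL_PREFIX}{login}@{realm}"


def plan_modifications(source, dest, realm, synced=("cn", "sn", "mail")):
    """Return {attribute: values} to write to the destination entry.

    source: attributes read from Active Directory
    dest:   attributes of the existing OpenLDAP entry, or None if absent
    realm:  realm appended to the login (assumption, site specific)
    """
    current = dest or {}
    mods = {}
    for attr in synced:  # ordinary attributes: overwrite when they differ
        wanted = source.get(attr, [])
        if wanted != current.get(attr, []):
            mods[attr] = wanted
    # userPassword is deliberately not in `synced`: it is set once, when
    # no value exists yet, and never overwritten afterwards.
    if not current.get("userPassword"):
        login = source["sAMAccountName"][0]
        mods["userPassword"] = [sasl_value(login, realm)]
    return mods


# Constructed sample entries (not taken from the thread).
AD_ENTRY = {"sAMAccountName": ["jdoe"], "cn": ["John Doe"], "sn": ["Doe"],
            "mail": ["jdoe@new.example.org"]}
LDAP_ENTRY = {"cn": ["John Doe"], "sn": ["Doe"],
              "mail": ["jdoe@old.example.org"],
              "userPassword": ["{SASL}jdoe@EXAMPLE.ORG"]}

if __name__ == "__main__":
    print("new entry:     ", plan_modifications(AD_ENTRY, None, "EXAMPLE.ORG"))
    print("existing entry:", plan_modifications(AD_ENTRY, LDAP_ENTRY, "EXAMPLE.ORG"))
```

Running a plan like this in a dry run before the first real synchronisation shows whether any existing userPassword value would be touched.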

