A page in your DokuWiki was added or changed. Here are the details:

Date : 2011/08/26 16:46
Browser : Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
IP-Address : 213.41.232.151
Hostname : dslm0.nerim.lyon.linagora.net
Old Revision: http://ltb-project.org/wiki/documentation/general/sasl_delegation?rev=1314367066
New Revision: http://ltb-project.org/wiki/documentation/general/sasl_delegation
Edit Summary:
User : coudot

@@ -14,9 +14,9 @@ OpenLDAP is known to be able to use pass-trough authentication. This option should be compiled into it. If not, get the source and use this option in the configure step: <code> - ./configure --enable-spasswd + ./configure --enable-spasswd --with-cyrus-sasl </code> This will allow you to store password with this syntax in userPassword attribute: 
@@ -42,8 +42,56 @@ <note>This is the standard use case: the password is stored in a directory and other LDAP directories delegate authentication to it.</note> <note important>This chapter allows you to use several LDAP directories as authentication backend, but only for redundancy problems: all directories will have the same data inside. To see how use several directories with different data model, go to next chapter.</note> + + ==== Step 1: connection to the backend ==== + + You need to get all connection parameters to the authentication backend. An example with Active Directory: + * Server address: ldap://ad.example.com + * Bind DN: CN=Administrator,CN=Users,DC=example,DC=com + * Bind Password: ADpassword + * Users branch: CN=DomainUsers,DC=example,DC=com + + You can check these settings with an ldapsearch: + <code> + ldapsearch -x -H ldap://ad.example.com -D CN=Administrator,CN=Users,DC=example,DC=com -w ADpassword -b CN=DomainUsers,DC=example,DC=com + </code> + + === Step 2: configure saslauthd === + + First, check the your SASL daemon supports LDAP: + <code> + saslauthd -v + </code> + + If not, reinstall an LDAP aware saslauthd daemon. + + Then to activate LDAP as SASL mechanism: + + <code> + vi /etc/sysconfig/saslauthd + </code> + + <file> + # Directory in which to place saslauthd's listening socket, pid file, and so + # on. This directory must already exist. + SOCKETDIR=/var/run/saslauthd + + # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list + # of which mechanism your installation was compiled with the ablity to use. + MECH=ldap + + # Additional flags to pass to saslauthd on the command line. See saslauthd(8) + # for the list of accepted flags. 
+ FLAGS="-O /etc/saslauthd.conf" + </file> + + <note tip> + On RedHat systems, activate saslauthd on startup: + <code>chkconfig saslauthd on</code> + </note> + ===== Pass-Trough authentication on several LDAP directories ===== -- This mail was generated by DokuWiki at http://ltb-project.org/wiki/ _______________________________________________ ltb-changes mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-changes
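Review bot: in the @@ -14,9 +14,9 @@ hunk, the sentence that introduces the configure line still reads "use this option" although the command now carries two options, and the page does not say what --with-cyrus-sasl contributes. Suggest "use these options" and one clause on what each flag enables, so a reader with an existing build knows which one is missing. The same context line spells "pass-trough"; "pass-through" is meant.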
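Review bot: in the @@ -42,8 +42,56 @@ hunk, the Step 1 example binds as CN=Administrator over plain ldap:// with a simple bind (-x) and passes the password on the command line with -w ADpassword, so a reader who copies it puts a domain administrator credential into shell history and the process list and sends it unencrypted. Suggest showing a dedicated read-only bind account, ldaps:// or StartTLS (-ZZ), and -W to prompt for the password instead of -w. In Step 2, FLAGS points saslauthd at /etc/saslauthd.conf but the hunk never shows that file; if it is to hold the bind DN and password collected in Step 1, the page should give its contents and state that it must be readable only by the account saslauthd runs as. Smaller points: Step 1 is headed with ==== and Step 2 with ===, so the two steps land on different heading levels, and "check the your SASL daemon" should read "check that your SASL daemon".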
