A page in your DokuWiki was added or changed. Here are the details:
Date : 2011/08/26 17:03
Browser : Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
IP-Address : 213.41.232.151
Hostname : dslm0.nerim.lyon.linagora.net
Old Revision:
http://ltb-project.org/wiki/documentation/general/sasl_delegation?rev=1314370354
New Revision: http://ltb-project.org/wiki/documentation/general/sasl_delegation
Edit Summary:
User : coudot
@@ -124,8 +124,101 @@
In parameters ''ldap_search_base'' and ''ldap_filter'', you can use these
variables (example for SASL password user@domain):
* %u: user@domain
* %U: user
* %d: domain
+
+ Restart saslauthd:
+ <code>
+ service saslauthd restart
+ </code>
+
+ ==== Step 3: communication between OpenLDAP and saslauthd ====
+
+ The communication between the two daemons are done trough a mutex, configured
like this:
+
+ <code>
+ vi /usr/lib/sasl2/slapd.conf
+ </code>
+
+ <file>
+ pwcheck_method: saslauthd
+ saslauthd_path: /var/run/saslauthd/mux
+ </file>
+
+ ==== Step 4: OpenLDAP configuration ====
+
+ Edit OpenLDAP configuration to configure the SASL paramters:
+
+ <file>
+ sasl-host localhost
+ sasl-secprops none
+ </file>
+
+ Restart OpenLDAP.
+
+ ==== Step 5: be proud ====
+
+ Now we can use the pass-trough authentication. To test it, you need an
account in the backend, for example:
+ <file>
+ # Clement OUDOT, DomainUsers, example;com
+ dn: CN=Clement OUDOT,OU=DomainUsers,DC=example,DC=com
+ objectClass: top
+ objectClass: person
+ objectClass: organizationalPerson
+ objectClass: user
+ objectClass: inetOrgPerson
+ cn: Clement OUDOT
+ sn: OUDOT
+ givenName: Clement
+ distinguishedName: CN=Clement OUDOT,OU=DomainUsers,DC=example,DC=com
+ instanceType: 4
+ whenCreated: 20080617074258.0Z
+ whenChanged: 20080617081856.0Z
+ displayName: Clement OUDOT
+ uSNCreated: 77070
+ uSNChanged: 78687
+ name: Clement OUDOT
+ objectGUID:: TB3HuDzG8EOoUKBrMWRnyg==
+ userAccountControl: 66048
+ badPwdCount: 0
+ codePage: 0
+ countryCode: 0
+ badPasswordTime: 0
+ lastLogoff: 0
+ lastLogon: 0
+ pwdLastSet: 128581621788125000
+ primaryGroupID: 513
+ objectSid:: AQUAAAAAAAUVAAAAmtgimaPoR9Go86e7PQgAAA==
+ accountExpires: 9223372036854775807
+ logonCount: 0
+ sAMAccountName: coudot
+ sAMAccountType: 805306368
+ userPrincipalName: [email protected]
+ objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
+ </file>
+
+ You can test the SASL part with this command:
+ <code>
+ testsaslauthd -u coudot -p password
+ </code>
+
+ Then create an account in OpenLDAP, for example:
+ <file>
+ dn: uid=coudot,ou=users,dc=example,dc=com
+ objectClass: inetOrgPerson
+ objectClass: organizationalPerson
+ objectClass: person
+ objectClass: top
+ uid: coudot
+ cn: Clement OUDOT
+ sn: OUDOT
+ userPassword: {SASL}[email protected]
+ </file>
+
+ Now you can bind to OpenLDAP with AD password:
+ <code>
+ ldapsearch -x -H ldap://ldap.example.com -b dc=example,dc=com -D
uid=coudot,ou=users,dc=example,dc=com -w password
+ </code>
===== Pass-Trough authentication on several LDAP directories =====
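Review bot: the `sasl-secprops none` line in Step 4 deserves an explanation in the text, because in slapd `none` clears the default `noanonymous,noplain` flags and so permits anonymous and plaintext SASL mechanisms; the section should say why pass-through needs it here (if it does at all, since `{SASL}` pass-through is exercised by a simple bind, as the `ldapsearch -x ... -w password` test in Step 5 shows) and remind the reader that the password crosses the wire in clear during that simple bind unless TLS is in use. In Step 3, "are done trough a mutex" should read "is done through a Unix socket": `saslauthd_path: /var/run/saslauthd/mux` names the saslauthd "mux" socket, not a mutex. In Step 5 the `testsaslauthd -u coudot -p password` call does not reproduce what slapd will send, because `userPassword: {SASL}...@...` makes slapd pass a realm as well, which is what fills `%d` and `%u` in `ldap_filter`; add `-r <domain>` to the test so the filter variables behave as documented, and consider `-W` instead of `-w password` in the ldapsearch example so the password is not left in the shell history and process list. Finally, "paramters" in Step 4, "pass-trough" in Step 5 and "Pass-Trough" in the following heading are typos for "parameters" and "Pass-Through", and "Step 5: be proud" might be better titled "Step 5: test".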
--
This mail was generated by DokuWiki at
http://ltb-project.org/wiki/
_______________________________________________
ltb-changes mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-changes