Hi,

Timo Felbinger <[EMAIL PROTECTED]> writes:

> Hello,
>
> what is the correct way to specify the list of allowed SASL mechanisms,
> in an OpenLDAP-server using Cyrus-SASL?
>
> The cyrus-sasl documentation mentions the option mech_list, but I cannot
> figure out where and how to specify this. Following some examples I found
> on the net, I tried to include e.g.
>   sasl-mech_list: PLAIN
> into my slapd.conf, which I hoped would disable all SASL mechanisms but
> PLAIN, but it didn't have any effect: the server still allowed me to
> authenticate using e.g. EXTERNAL authentication.

There is no configuration option to declare valid SASL mechanisms, slapd
will happily accept all available mechanisms. PLAIN is disabled except when
used with a secure transport layer and on local socket, same applies to
EXTERNAL.

> I also tried to specify mech_list in a separate per-application config
> file for the sasl library,
>   /usr/lib/sasl2/slapd.conf
> but this file does not even get accessed by the server.
>
> What am I missing here?

Reading the admin guide?

> And: is there a way to obtain from the server a complete list of
> authentication mechanisms which it is willing to accept?

ldapsearch -x -H ldap://your.host -b "" -s base \
    supportedSASLMechanisms

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
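
Added example, not part of the reply above: a shell check that reads the root DSE output of the ldapsearch query shown in the reply and reports any advertised SASL mechanism that is not on an allowlist. The function names, the allowlist and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the LDIF that ldapsearch prints for the root DSE.
SAMPLE_LDIF='# constructed sample output
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: EXTERNAL'

# Read LDIF on stdin, print each advertised SASL mechanism once, sorted.
sasl_mechs_from_ldif() {
    awk '
        # LDIF attribute names are case-insensitive; keep only values that
        # look like SASL mechanism names (upper case, digits, "-", "_").
        tolower($1) == "supportedsaslmechanisms:" && $2 ~ /^[A-Z0-9_-]+$/ {
            print $2
        }
    ' | LC_ALL=C sort -u
}

# $1: space-separated allowlist (hypothetical policy). Reads LDIF on stdin.
# Prints the mechanisms offered but not allowed; returns 1 if there are any.
unexpected_mechs() {
    allowed=" $1 "
    extra=""
    for mech in $(sasl_mechs_from_ldif); do
        case "$allowed" in
            *" $mech "*) ;;                        # on the allowlist
            *) extra="${extra:+$extra }$mech" ;;   # advertised, not allowed
        esac
    done
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra"
        return 1
    fi
    return 0
}

# Live use (host is the placeholder from the post):
#   ldapsearch -x -LLL -H ldap://your.host -b "" -s base \
#       supportedSASLMechanisms | unexpected_mechs "GSSAPI EXTERNAL"
if extra=$(printf '%s\n' "$SAMPLE_LDIF" | unexpected_mechs "GSSAPI EXTERNAL"); then
    echo "only allowed mechanisms are advertised"
else
    echo "advertised but not allowed: $extra"
fi
```

As the reply notes, whether PLAIN and EXTERNAL are available depends on the transport, so run the check over each transport your clients actually use.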
