On Mon, Feb 20, 2006 at 09:33:46AM -0500, Francis Swasey wrote: > Folks, > Having been bitten by someone installing a SASL mechanism on a server > that also is one of my LDAP servers which was not configured (it > happened to be Red Hat decided this mechanism is required to have > sendmail on the system, but it could have been another sys admin).. I > am wondering why we have to play with "sasl-secprops" to tell slapd what > types of mechanisms are not wanted. > > Is there a problem with providing a "sasl-mechanisms" config option > that would list (GSSAPI, CRAM-MD5, etc) the specific mechanisms we > wanted to support?
That's a SASL configuration. Try creating this file: /usr/lib/sasl2/slapd.conf pwcheck_method: auxprop mech_list: DIGEST-MD5 CRAM-MD5 List the SASL mechanisms you want slapd to offer. If you intend to offer plain text mechanisms, then you will also have to use "sasl-secprops none" in slapd.conf.
