On Thu, 9 Oct 2014 13:51:33 +0000, "VANOLE, MICHAEL J" <mv5...@att.com> wrote:
> Greetings,
>
> This might be more of an ldap question, but I’m going to try this
> list.
>
> I use net ldap to create new users on Sun One Directory v7 (ODSEE),
> and on openldap.
>
> With ODSEE I’m able to specify which sasl mechanism I want a user to
> have like so:
>
> $adduser = $ldap->add( $user_dn,
>     attr => [
>         'uid'                     => $ldap_uid,
>         'cn'                      => "$ldap_last_name $ldap_first_name",
>         'givenname'               => $ldap_first_name,
>         'sn'                      => $ldap_last_name,
>         'objectclass'             => ['top','person','organizationalPerson','inetorgperson'],
>         'userpassword'            => $userpass,
>         'nsaccountlock'           => 'false',
>         'supportedsaslmechanisms' => 'cn=default,cn=DIGEST-MD5,cn=identity mapping,cn=config'
>     ]);
>
> With openldap this fails with a message about sasl mechanism can only
> be applied to rootdse. I have several supported mechanisms I can
> choose from. Part of the problem might be I don’t know the ‘cn’ for
> them as I have above, so I tried this:
>
> $adduser = $ldap->add( $user_dn,
>     attr => [
>         'uid'                     => $ldap_uid,
>         'cn'                      => "$ldap_last_name $ldap_first_name",
>         'givenname'               => $ldap_first_name,
>         'sn'                      => $ldap_last_name,
>         'objectclass'             => ['top','person','organizationalPerson','inetorgperson'],
>         'userpassword'            => $userpass,
>         'supportedsaslmechanisms' => 'DIGEST-MD5'
>     ]);
>
> Should this work with openldap if I had the full hierarchy path to
> the sasl mechanism? What would that be on openldap if so?

If OpenLDAP has been compiled with cyrus-sasl, sasl mechanisms are
declared in $HOME/sasl2/slapd.conf. On Linux this would be
/usr/lib/sasl2/slapd.conf or /etc/sasl2/slapd.conf.

Read the cyrus-sasl docs
http://www.cyrusimap.org/docs/cyrus-sasl/2.1.25/sysadmin.php
and openldap docs
http://www.openldap.org/doc/admin24/sasl.html

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
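
Added example, not part of the original thread or either poster's code: a Net::LDAP sketch that reads the mechanisms an OpenLDAP server advertises on its root DSE and then adds the user without the `supportedsaslmechanisms` attribute that triggered the error. The host, DNs, password source and user data are placeholders chosen for illustration.

```perl
use strict;
use warnings;
use Net::LDAP;

# All connection details and user data below are placeholders (assumptions).
my $host     = 'ldaps://ldap.example.com';
my $admin_dn = 'cn=admin,dc=example,dc=com';
my $admin_pw = $ENV{LDAP_ADMIN_PW} // die "set LDAP_ADMIN_PW\n";
my $wanted   = 'DIGEST-MD5';

my $ldap = Net::LDAP->new($host) or die "connect failed: $@\n";

# supportedSASLMechanisms is published on the root DSE and describes the
# whole server. The offered list is configured server-side, for example with
# Cyrus SASL's mech_list option in the slapd.conf file named in the reply.
my $dse = $ldap->root_dse(attrs => ['supportedSASLMechanisms'])
    or die "could not read root DSE\n";
my @mechs = $dse->get_value('supportedSASLMechanisms');
print "server offers: @mechs\n";
die "$wanted is not offered; change the server's SASL configuration\n"
    unless grep { uc($_) eq $wanted } @mechs;

my $bind = $ldap->bind($admin_dn, password => $admin_pw);
die 'bind failed: ' . $bind->error . "\n" if $bind->code;

# Same entry as the second attempt in the question, without the
# supportedsaslmechanisms attribute.
my ($ldap_uid, $first, $last, $userpass) = ('jdoe', 'John', 'Doe', 'changeme');
my $user_dn = "uid=$ldap_uid,ou=people,dc=example,dc=com";
my $adduser = $ldap->add( $user_dn,
    attr => [
        'uid'          => $ldap_uid,
        'cn'           => "$last $first",
        'givenname'    => $first,
        'sn'           => $last,
        'objectclass'  => ['top','person','organizationalPerson','inetorgperson'],
        'userpassword' => $userpass,
    ]);
die 'add failed: ' . $adduser->error . "\n" if $adduser->code;
print "added $user_dn\n";
$ldap->unbind;
```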