Hi, kind thanks for your efforts.
Actually, I stumbled over SASL / PLAIN as GSSAPI (at least in my setup) does not seem to work on OSX with Java applications, in particular ApacheDS. One hack around was a pass-through userPassword entry + Cyrus saslauthd which in turn used Kerberos in order to authenticate with the KDC. Of course, I can always use the full bind-dn and anonymous, but being able to map the SASL-username to the desired bind DN in the LDAP-server is more convenient. Cheers, Claus Am 03.08.2017 um 16:59 schrieb Emmanuel Lécharny: > > > Le 03/08/2017 à 15:56, Claus-Justus Heine a écrit : >> Hi, >> >> thank you for your answer and for looking into it. I would rather not start >> to >> dig in to the Studio source code even though theoretically I would have the >> programming skills for doing so. If it happens to be implement anyway for >> some >> reason "on the fly" then I could of course do some testing, of course. > > Don't worry. I have had a look yesterday about the SASL plain mechanism, > which is supported by ApacheDS, and partly by teh Apache LDAP API (but > not in a convenient way). Studio is just using the Apache LDAP API, so > adding the missing field (authzid) is not really complex). I may give it > a chance tonite or this week-end. > > In any case, PLAIN and ANONYMOUS SASL mechanisms are not really supposed > to be supported by LDAP servers, as they are duplicates of the soimple > and anonymous bind. > > I'll let you know if I have a package to test as soon as it's ready. > Keep checking this list :-) > -- Claus-Justus Heine hims...@claus-justus-heine.de http://www.claus-justus-heine.de/ Schatzmeister der Camerata Academica Freiburg e.V. --- www.cafev.de
