Arturo 'Buanzo' Busleiman writes:
Larry Moore wrote:
It would be nice if the LDAP authentication would use SASL built into
OpenLDAP instead of 'simple authentication' as I have Kerberos working.
Sam, whenever you want to implement that, please let me know, I'd be more than
happy to test everything on my domain.
Well, if OpenLDAP would actually have decent documentation, then I would.
The existing documentation, well, isn't.
The existing courier-authlib code already invokes ldap_sasl_bind_s(), but
here's the direct quote from the man page for ldap_sasl_bind:
SASL AUTHENTICATION
Description still under construction…
And the only reason that ldap_sasl_bind_s() is already used is because in
the current openldap build all other authentication functions are
deprecated. So they tell you to use ldap_sasl_bind, but don't document it yet.
A rather lovely state of affairs. Google search actually finds a better set
of /IBM/'s documentation for the various LDAP functions, which tell me that
specifying the SASL authentication mechanism as NULL gives me the default
simple authentication -- which seems to work with openldap. And that's the
only reason LDAP authentication works now: because of IBM's documentation.
IBM's documentation also lists some real, predefined, SASL mechanisms, yet
openldap's header files have no mention of them.