Difference between revisions of "TSLAuth"
(New page: On saco1: Install slapd, sasl2-bin (for saslauthd) == Slapd Configuration == /etc/ldap/slapd.conf (slapd configuration file): Nothing special required. == SASL2 and Saslauthd Configurat...) |
Line 1: | Line 1: | ||
+ | |||
+ | This document is based on information at http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication | ||
+ | |||
On saco1: | On saco1: | ||
Line 5: | Line 8: | ||
== Slapd Configuration == | == Slapd Configuration == | ||
/etc/ldap/slapd.conf (slapd configuration file): Nothing special required. | /etc/ldap/slapd.conf (slapd configuration file): Nothing special required. | ||
+ | |||
+ | To run the maximum debugging: | ||
+ | |||
+ | slapd -g openldap -u openldap -f /etc/ldap/slapd.conf -d 65535 | ||
+ | |||
+ | Create a user object and set the userPassword attribute to {SASL}username where username is the username on the remote LDAP system. | ||
== SASL2 and Saslauthd Configuration == | == SASL2 and Saslauthd Configuration == |
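Review bot: the added "slapd -g openldap -u openldap -f /etc/ldap/slapd.conf -d 65535" line does not say that it is a temporary troubleshooting run. With -d set, slapd stays in the foreground and writes very verbose debug output to the terminal, so the step should tell the reader to stop the normally started slapd first and to return to the init script once the pass-through bind has been tested. The "{SASL}username" step in the same hunk would also be easier to follow if it showed the attribute as it appears in the entry and said which directory (the one on saco1) the user object is created in.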
Revision as of 13:53, 22 December 2009
This document is based on information at http://www.openldap.org/doc/admin24/security.html#Pass-Through%20authentication
On saco1:
Install slapd, sasl2-bin (for saslauthd)
Slapd Configuration
/etc/ldap/slapd.conf (slapd configuration file): Nothing special required.
To run slapd with maximum debugging:
    slapd -g openldap -u openldap -f /etc/ldap/slapd.conf -d 65535
Create a user object and set the userPassword attribute to {SASL}username where username is the username on the remote LDAP system.
SASL2 and Saslauthd Configuration
/usr/lib/sasl2/slapd.conf (libsasl2 configuration file):
    mech_list: plain
    pwcheck_method: saslauthd
    saslauthd_path: /var/run/saslauthd/mux
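Notes:
- When the userPassword attribute begins with {SASL}, slapd passes authentication over to the libsasl2 libraries.
- chmod a+rx /var/run/saslauthd and /etc/init.d/apparmor stop so that slapd can read the saslauthd socket. Stopping AppArmor removes confinement from every profiled service on the host, not only slapd; permitting the socket path in slapd's AppArmor profile is the narrower change.
- Note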
/etc/saslauthd.conf:
    ldap_servers: ldap://callisto.cs.uct.ac.za/
    ldap_version: 3
    ldap_search_base: ou=people,dc=cs,dc=uct,dc=ac,dc=za
    ldap_scope: sub
    ldap_auth_method: bind
    ldap_filter: (uid=%u)
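With mech_list: plain and ldap_auth_method: bind, saslauthd re-sends each user's password to the remote server in a simple bind, so the ldap_servers URI decides whether that password crosses the network in cleartext. The script below is an added example, not part of the original page: it audits a saslauthd.conf for this, using constructed sample files (the page's settings, and a variant that assumes the saslauthd LDAP option ldap_start_tls is enabled); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): flag saslauthd.conf files whose
# LDAP binds would cross the network unencrypted.
# conf_get FILE KEY: print the value of a "key: value" line (last one wins).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, ":"); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) out = val }
        END { print out }' "$1"
}

# audit_saslauthd_conf FILE: return 0 only if every server URI is protected.
audit_saslauthd_conf() {
    servers=$(conf_get "$1" ldap_servers)
    starttls=$(conf_get "$1" ldap_start_tls)
    [ -n "$servers" ] || { echo "no ldap_servers set"; return 1; }
    rc=0
    for uri in $servers; do            # ldap_servers is a space-separated list
        case "$uri" in
            ldaps://*|ldapi://*) echo "ok: $uri" ;;
            ldap://*)
                if [ "$starttls" = "yes" ]; then
                    echo "ok: $uri (StartTLS)"
                else
                    echo "cleartext: $uri (user passwords sent unencrypted)"
                    rc=1
                fi ;;
            *) echo "unrecognised: $uri"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files: the page's settings, then a StartTLS variant.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/page.conf" <<'EOF'
ldap_servers: ldap://callisto.cs.uct.ac.za/
ldap_version: 3
ldap_search_base: ou=people,dc=cs,dc=uct,dc=ac,dc=za
ldap_scope: sub
ldap_auth_method: bind
ldap_filter: (uid=%u)
EOF
{ cat "$demo/page.conf"; echo "ldap_start_tls: yes"; } > "$demo/tls.conf"

audit_saslauthd_conf "$demo/page.conf" || echo "=> add ldap_start_tls: yes or use ldaps://"
audit_saslauthd_conf "$demo/tls.conf"
```

When StartTLS is turned on, ldap_tls_check_peer and ldap_tls_cacert_file should be set as well so that saslauthd verifies the remote server's certificate.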