Hey List- I've been grappling with getting openldap running so I can use it work with a Postfix / Courier toaster setup and I'm running into some questions / issues. Some of these maybe conceptual. If anyone has some good looks to docs / walkthroughs that would be cool too. I've read the Openldap admin docs and the SASL html docs and am still a tad confused.
Google searches give a lot of data, but a lot of it seems to be outdated or just have missing parts. my setup: freebsd 6-stable with everything installed from ports cyrus-sasl-2.1.21_1 cyrus-sasl-ldapdb-2.1.21 cyrus-sasl-saslauthd-2.1.21 openldap-sasl-client-2.3.11 openldap-server-2.3.11 Now, I actually do have slapd running, but I was wanting a few clarifications on things. a) Does there need to be any further configuration of sasl for this? I have seen mention of the need to edit the sasl2/sample.conf file or create it? and also the sas2l/slapd.conf file ... but what would need to go in there? I'm guessing: pwcheck_method: auxprop mech_list: digest-md5 This would force applications trying to authenticate to look for a userPassword field which would have plaintext versions of said passwords? b) saslauthd: do I need it? Readings some of the docs (the sysadmin.html SASL) it seems that this won't work when trying to authenticate users via digest-md5 mechanism, correct? c) postfix would require sasl2/smtpd.conf file? would that have a auxprop pwcheck_method and then define a ldapdb as the mechanism? Is there anywhere that explains the command options that can go in these conf files? the sysadmin.html guide has the values, but doesn't explain the commands (ie: pwcheck_method ) very clearly :) Thanks list. Feel free to make security pointers or "better idea" pointers and RTFM comments as long as you point me at the right manual :) Henrik -- Henrik Hudson [EMAIL PROTECTED] ------------------------------ "God, root, what is difference?" Pitr; UF (http://www.userfriendly.org/) --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
