mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Updated example for OpenLDAP 2.1.13 SASL/EXTERNAL on ldapi://

Browse Source
This commit is contained in:
Howard Chu 2003-02-26 17:14:06 +00:00
parent baa5c88d75
commit dd3157bbe9
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
contrib/ldapsasl/README
View File

@ -48,3 +48,19 @@ better for a real production environment. Please send feedback via the
openldap-software mailing list for now.
-- Howard Chu, 2002-07-12
Update... With OpenLDAP 2.1.13 you can use SASL/EXTERNAL on ldapi://.
This is fast and secure, and needs no username or password to be stored.
The SASL config file is just
ldapdb_uri: ldapi://
ldapdb_mech: EXTERNAL
The slapd.conf will need to map these usernames to LDAP DNs:
sasl-regexp uidNumber=(.*)\\+gidNumber=(.*),cn=peercred,cn=external,cn=auth
ldap:///dc=example,dc=com??sub?(&(uidNumber=$1)(gidNumber=$2))
sasl-regexp uid=(.*),cn=external,cn=auth
ldap:///dc=example,dc=com??sub?(uid=$1)