[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Information about SASL and LDAP



Hello,

I had some email contact with Patrick-Ben Koetter and we both tried to figure out some SASL configuration. We came to a point, where he gave me this mailing list address and told me, I could meet Dan White here.

To speak for myself: I have the following situation:

A running Postfix server with cyrus sasl (module ldapdb). The ldapdb connects to my LDAP server, which has passwords in cleartext in the userPassword attribute. This is a working setup, but sure you guess, I do not really like cleartext passwords in the database.

Yet we could not find out, if it is possible to create LDAP schema attrbutes like:

cmusaslsecretCRAM-MD5
cmusaslsecretDIGEST-MD5 and
cmusaslsecretNTLM

Is there some place for the saslpasswd2.conf configuration file? Could someone please show me, how this file must look like for ldapdb? In this case also interesting: Does it support SASL/EXTERNAL for certificate based authentication/authorization to the LDAP-server?

If this is easy to do, my final question goes like this:

Can I remove the userPassword attribute after adding the new attributes? And is a mail client (Thunderbird, Outlook, ...) still be able to do _any_ kind of authentication (Postfix does allow PLAIN over TLS). If the client would do NTLM, and there is no more cleartext password in the LDAP database; how can SASL do its job? I do not fully understand, how both sides can have CRAM-MD5 or NTLM i.e. and still check passwords? I guess my understanding about SASL and the attributes seen above lacks some information ;-)

Hope I could describe my/our problem clear enough and I really thank a lot in advance for any kind of help on this topic.

Best wishes
Christian
---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 33055572, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


[Video For Linux]     [Photos]     [Yosemite News]    [Yosemite Photos]     [gtk]     [KDE]     [Info Cyrus]     [Gimp on Windows]     [Steve's Art]     [Script Fu]

Powered by Linux