alex at milivojevic.org wrote:
>I don't have Fedora Directory Server installed (yet). However, there's one
>feature from OpenLDAP that is must-have before even attempting to play with
>FDS.
>
>In OpenLDAP, if I use string like "{SASL}username at REALM" as a value for
>userPassword attribute, and have "pwcheck_method: saslauthd" in
>/usr/lib/sasl2/slapd.conf, then OpenLDAP will use saslauthd to authenticate the
>user (passing it "username at REALM" and whatever password user supplied). I've
>read that FDS supports SASL, but does it support this feautre too?
>
>
Nope.
Is this a currently supported OpenLDAP feature ?
I ask because I vaguely remember some feature like
this being dropped on the basis that it was a stop-gap
until real SASL support was implemented. But I may
well be thinking of some similar but different feature.
FDS does support SASL but I think you'd need to
do some extra work to get it to work with the saslauthd
plugin. GSSAPI and EXTERNAL are the only two
'officially' supported SASL mechanisms.
