Re: Cyrus SASL and LDAP and CRAM-MD5 and DIGEST-MD5...

Pascal Gienger wrote:
> Dan White <dwhite@xxxxxxx> wrote:
>> Some suggestions: In the case sasl requests an attribute from your
>> auxprop store that doesn't match the configured userPassword attribute,
>> go ahead and pass it up. I'm getting this error while attempting an OTP
>> authentication (IMAP):
>>
>> giengerldap skip property: *cmusaslsecretOTP
>
> Your OTPs are stored in sasldb, right?

Actually I'm currently storing all auxprop attributes in LDAP via ldapdb. See:

http://tools.ietf.org/html/draft-melnikov-sasl-auxprop-attrs-00

for a schema I include in my LDAP server. Currently, I only use userPassword and cmusaslsecretOTP in my environment.

I set userPasswords and OTP secrets via a command like this:

echo mysecret | /usr/sbin/saslpasswd2 -a btc user@xxxxxxxxxxx

where the contents of /usr/lib/sasl2/btc.conf are:

auxprop_plugin: ldapdb
ldapdb_uri: ldap://ldap.example.net
ldapdb_mech: GSSAPI
ldapdb_pw_method: exop

- Dan
