git.sur5r.net Git - openldap/commitdiff
Updated example for OpenLDAP 2.1.13 SASL/EXTERNAL on ldapi://
author Howard Chu <hyc@openldap.org>
Wed, 26 Feb 2003 17:14:06 +0000 (17:14 +0000)
committer Howard Chu <hyc@openldap.org>
Wed, 26 Feb 2003 17:14:06 +0000 (17:14 +0000)
contrib/ldapsasl/README

index 36c3f6b9902cb48ac1cd0922b4e595cf01ba9bb4..db8d31e11751f63ad15a94c3bf9573b648383946 100644 (file)
@@ -48,3 +48,19 @@ better for a real production environment. Please send feedback via the
 openldap-software mailing list for now.
 
   -- Howard Chu, 2002-07-12
+
+Update... With OpenLDAP 2.1.13 you can use SASL/EXTERNAL on ldapi://.
+This is fast and secure, and needs no username or password to be stored.
+The SASL config file is just
+
+ldapdb_uri: ldapi://
+ldapdb_mech: EXTERNAL
+
+The slapd.conf will need to map these usernames to LDAP DNs:
+
+sasl-regexp uidNumber=(.*)\\+gidNumber=(.*),cn=peercred,cn=external,cn=auth
+       ldap:///dc=example,dc=com??sub?(&(uidNumber=$1)(gidNumber=$2))
+
+sasl-regexp uid=(.*),cn=external,cn=auth
+       ldap:///dc=example,dc=com??sub?(uid=$1)
+
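Review bot: Both sasl-regexp rules at the end of the hunk capture with "(.*)", which is greedy and can run across RDN boundaries, and the captured text is substituted directly into the search filters "(uid=$1)" and "(&(uidNumber=$1)(gidNumber=$2))". Suggest "([^,]*)" for the uid rule and a digits-only class such as "([0-9]+)" for the two peercred captures, so that only a single RDN value of the expected shape reaches the filter. The text also introduces only the ldapi:// peercred identity, so it would help to say which clients produce the "uid=...,cn=external,cn=auth" form that the second rule maps, and what the administrator should expect when the subtree search under dc=example,dc=com matches more than one entry. Finally, "The SASL config file is just" does not name the file or where it lives; a one-line pointer to it would make the update usable on its own.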