directory-users mailing list archives

From Claus-Justus Heine
Subject Re: SASL PLAIN not possible?
Date Thu, 03 Aug 2017 20:57:14 GMT

Kind thanks for your efforts.

Actually, I stumbled over SASL / PLAIN as GSSAPI (at least in my setup)
does not seem to work on OSX with Java applications, in particular
ApacheDS. One hack around was a pass-through userPassword entry + Cyrus
saslauthd which in turn used Kerberos in order to authenticate with the KDC.

Of course, I can always use the full bind-dn and anonymous, but being
able to map the SASL-username to the desired bind DN in the LDAP-server
is more convenient.

Cheers, Claus

On 03.08.2017 at 16:59, Emmanuel Lécharny wrote:
> On 03/08/2017 at 15:56, Claus-Justus Heine wrote:
>> Hi,
>> thank you for your answer and for looking into it. I would rather not start to
>> dig into the Studio source code even though theoretically I would have the
>> programming skills for doing so. If it happens to be implemented anyway for some
>> reason "on the fly" then I could of course do some testing.
> Don't worry. I had a look yesterday at the SASL PLAIN mechanism,
> which is supported by ApacheDS, and partly by the Apache LDAP API (but
> not in a convenient way). Studio is just using the Apache LDAP API, so
> adding the missing field (authzid) is not really complex. I may give it
> a chance tonight or this week-end.
> In any case, PLAIN and ANONYMOUS SASL mechanisms are not really supposed
> to be supported by LDAP servers, as they are duplicates of the simple
> and anonymous bind.
> I'll let you know if I have a package to test as soon as it's ready.
> Keep checking this list :-)

Claus-Justus Heine            

Treasurer of the Camerata Academica Freiburg e.V.
