setup problems

Dan White dwhite at olp.net
Wed Aug 20 17:36:17 EDT 2008


Francesco Grossi wrote:
> I've set up my prototype mechanism xmech (by writing xmech.c and
> xmech_init.c and creating libxmech.so & libxmech.la) and call it by the
> sample SASL Cyrus client and server so that client.c and server.c seem to be
> working fine (referencing -m x) when used alone: I've
> logged callback functions of my xmech.c and the following is recorded during
> login phase:
> xmech_client_plug_init
> xmech_client_mech_new
> xmech_client_mech_step
> xmech_server_mech_new
> xmech_server_mech_step
> xmech_server_mech_step.
>
> here's my problem:
> How can I instruct OpenLDAP to call SASL and my xmech mechanism? When I log
> into OpenLDAP the native authentication takes place. How can I make OpenLDAP
> route authentication towards SASL (and SASL towards xmech)?
>
> I've been through some web pages and got out something about slapd.conf and
> its sasl parameters, sasl-regexp in particular.
>

You can restrict which mechanisms are offered by configuring sasl_mech 
in your sasl slapd.conf (not to be confused with the OpenLDAP slapd.conf 
configuration file).

The default location for that file is in /usr/lib/sasl2/. It should be 
the location that was specified with the --with-configdir configure 
option when you compiled sasl.

The following would restrict your offered mechanisms to xmech:

sasl_mech: xmech

However, if not specified, it should offer all installed mechanisms. I'd 
recommend running 'pluginviewer' on the server and client systems to 
verify the mechanism got installed. Also, you can do:

ldapsearch -x -H ldap://ldap.example.com -LLL -s "base" -b "" supportedSASLMechanisms

to find out if the server is offering the mechanism.

You can force ldapsearch to use a specific mechanism with the '-Y' 
option, or you can specify it in ~/.ldaprc (see man ldap.conf):

SASL_MECH xmech

Do not specify '-x' in your ldapsearch to force it to use SASL.

- Dan
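
The check described in the reply above, as an added shell example that is not part of the original message: it reads the LDIF returned by the supportedSASLMechanisms query, reports whether a mechanism is advertised, and prints the SASL ldapsearch call that forces it. The function names (offered_mechs, check_mech, sasl_search_cmd) and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check a root DSE query result
# for a SASL mechanism before trying a SASL bind with it.

# Constructed sample of the LDIF that the anonymous root DSE query returns
# (-LLL output); the mechanism list is made up for illustration.
SAMPLE_LDIF='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: XMECH'

# offered_mechs: read LDIF on stdin, print one advertised mechanism per line.
# The attribute name is matched case-insensitively, as LDAP attribute names are.
offered_mechs() {
    awk 'tolower($1) == "supportedsaslmechanisms:" && NF >= 2 { print toupper($2) }'
}

# check_mech MECH: read LDIF on stdin and return
#   0  MECH is advertised
#   1  other mechanisms are advertised but MECH is not
#      (plugin not installed on the server, or excluded by the SASL configuration)
#   2  no supportedSASLMechanisms values at all (no SASL offered, or query failed)
# Names are compared case-insensitively (an assumption of this example).
check_mech() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    mechs=$(offered_mechs)
    [ -n "$mechs" ] || return 2
    printf '%s\n' "$mechs" | grep -qxF -- "$want" || return 1
    return 0
}

# sasl_search_cmd MECH URI: print the ldapsearch call that forces MECH.
# No -x here: -x selects simple authentication instead of SASL.
sasl_search_cmd() {
    printf 'ldapsearch -Y %s -H %s -LLL -s base -b "" supportedSASLMechanisms\n' "$1" "$2"
}

# Live use (hostname from the post):
#   ldapsearch -x -H ldap://ldap.example.com -LLL -s base -b "" \
#       supportedSASLMechanisms | check_mech xmech
if printf '%s\n' "$SAMPLE_LDIF" | check_mech xmech; then
    sasl_search_cmd xmech ldap://ldap.example.com
fi
```

A return of 1 points at the server side (plugin installation or the sasl_mech restriction); a return of 2 means the server advertised no SASL mechanisms at all.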


More information about the Cyrus-sasl mailing list