使用 OLC 在 openLDAP 中启用 SASL 身份验证机制

使用 OLC 在 openLDAP 中启用 SASL 身份验证机制

我能够找到的有关启用 SASL 机制的所有信息仍然openldap使用该slapd.conf方法,而所有现代 LDAP 目录都选择在静态文件上使用 OLC。

有人知道如何将saslHost参数添加到 OLC 目录吗?看起来我在本地拥有的 SASL 机制比通过前端拥有的更多。我怎样才能启用清楚的通过前端进行身份验证?

scadmin@ubuntu1604:~$ ldapsearch -x -H ldapi:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN

scadmin@ubuntu1604:~$ ldapsearch -x -H ldap://127.0.0.1 -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM

scadmin@ubuntu1604:~$

答案1

我能够使用以下命令启用这些机制LDIF

dn: cn=config
changetype: modify
add: olcSaslHost
olcSaslHost: localhost
-
add: olcSaslSecProps
olcSaslSecProps: none

现在我支持的 SASL 机制如下所示:

scadmin@ldap-poc:~/ldap-assets$ ldapsearch -x -H ldapi:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS

scadmin@ldap-poc:~/ldap-assets$ ldapsearch -x -H ldap://127.0.0.1 -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS

相关内容