我能够找到的有关启用 SASL 机制的所有信息仍然openldap使用该slapd.conf方法,而所有现代 LDAP 目录都选择在静态文件上使用 OLC。
有人知道如何将saslHost参数添加到 OLC 目录吗?看起来我在本地拥有的 SASL 机制比通过前端拥有的更多。我怎样才能启用清楚的通过前端进行身份验证?
scadmin@ubuntu1604:~$ ldapsearch -x -H ldapi:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
scadmin@ubuntu1604:~$ ldapsearch -x -H ldap://127.0.0.1 -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
scadmin@ubuntu1604:~$
答案1
我能够使用以下命令启用这些机制LDIF:
dn: cn=config
changetype: modify
add: olcSaslHost
olcSaslHost: localhost
-
add: olcSaslSecProps
olcSaslSecProps: none
现在我支持的 SASL 机制如下所示:
scadmin@ldap-poc:~/ldap-assets$ ldapsearch -x -H ldapi:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS
scadmin@ldap-poc:~/ldap-assets$ ldapsearch -x -H ldap://127.0.0.1 -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS