A.3. Using SASL with LDAP Client Tools
ldapmodify. For example:
ldapsearch -O noplain,minssf=1,maxbufsize=512 -Y GSSAPI -U "dn:uid=jsmith,ou=people,dc=example,dc=com" -R EXAMPLE.COM ...
authzid value supplied by the client.
- The authentication method, in this example GSS-API
- The user as whom you are authenticating (the authorization ID)
authid and maps that entry back to an entry in the Directory Server. If the authid is defined as a DN (as in authid=dn:DN), this is done simply by matching the DN. It is also possible to use a user name or a part of a DN, and these can be mapped to the directory entry using SASL identity mappings.
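A simplified model of the lookup described above, as an added example rather than Directory Server code: an authid in dn: form is matched directly, and any other form goes through mapping rules. The sample entries, the rule layout, the "first matching rule decides" behaviour and the function names are assumptions made for illustration.

```python
import re

# Constructed sample directory: DN -> attributes (not real data).
ENTRIES = {
    "uid=jsmith,ou=people,dc=example,dc=com": {"uid": "jsmith"},
    "uid=bjensen,ou=people,dc=example,dc=com": {"uid": "bjensen"},
    "uid=bjensen,ou=contractors,dc=example,dc=com": {"uid": "bjensen"},
}

# Hypothetical mapping rules modelled on SASL identity mappings:
# (regex applied to the authid, search base, (attribute, value template)).
MAPPINGS = [
    (re.compile(r"^([^@]+)@EXAMPLE\.COM$"),
     "ou=people,dc=example,dc=com", ("uid", r"\1")),
    (re.compile(r"^([^@,=]+)$"),
     "dc=example,dc=com", ("uid", r"\1")),
]


def norm_dn(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def resolve_authid(authid):
    """Return the DN the authid maps to, or None if the bind must fail."""
    if authid.lower().startswith("dn:"):
        # authid=dn:DN is resolved by matching the DN itself.
        dn = norm_dn(authid[3:])
        return dn if dn in ENTRIES else None
    for regex, base, (attr, template) in MAPPINGS:
        match = regex.match(authid)
        if not match:
            continue
        value = match.expand(template).lower()
        hits = [dn for dn, attrs in ENTRIES.items()
                if dn.endswith("," + base)
                and attrs.get(attr, "").lower() == value]
        # Exactly one entry must match. Zero or several hits is a failed
        # bind, never "take the first result".
        return hits[0] if len(hits) == 1 else None
    return None


if __name__ == "__main__":
    for sample in ("dn:uid=jsmith,ou=people,dc=example,dc=com",
                   "jsmith@EXAMPLE.COM", "bjensen"):
        print(sample, "->", resolve_authid(sample))
```

The bare user name bjensen resolves to nothing here because the broad rule finds two entries; a mapping whose search base or filter is too wide fails in this way instead of authenticating as an arbitrary match.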
Table A.2. LDAP Client Tool SASL Parameters
| -O | Optional. Sets the security properties for the connection. | |
CRAM-MD mechanism only:
| -R | Gives the Kerberos realm. | Depends on the mechanism. |
| -U | Gives the ID used to authenticate to the server. | |
| -Y | Sets the SASL authentication mechanism to use. | |