[DOCS-12947] Configuring both setParameter.saslauthdPath and security.ldap.servers clarification and results Created: 08/Aug/19 Updated: 13/Nov/23 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual, Server |
| Affects Version/s: | None |
| Fix Version/s: | Backlog, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Jack Alder | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Participants: | |||||||||||||
| Days since reply: | 1 year, 14 weeks, 2 days ago | ||||||||||||
| Epic Link: | DOCSP-1769 | ||||||||||||
| Description |
| Comments |
| Comment by Education Bot [ 31/Oct/22 ] |
|
Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you! |
| Comment by Danny Hatcher (Inactive) [ 31/Dec/19 ] |
|
So after Spencer's comment, I believe the proposed change of
should instead be
Giving to the real docs team now. |
| Comment by Spencer Jackson [ 23/Dec/19 ] |
|
nicholas.cottrell, a fair request. I've filed |
| Comment by Spencer Jackson [ 03/Dec/19 ] |
|
Be aware, that there is both LDAP authentication and LDAP authorization. LDAP authentication can be accomplished through either Cyrus SASL's saslauthd or our native LDAP authentication implementation. These are mutually exclusive. LDAP authorization can only be performed using our native LDAP implementation. LDAP authorization can be used in conjunction with either implementation of LDAP authentication. There are some complex scenarios when it may be desirable for a deployment to use saslauthd for authentication and our native LDAP authorization. If during authentication a saslauthdPath is set, the server will rely on saslauthd to perform authentication. If we are only using LDAP for authentication, that is end of story, as use of saslauthd precludes native LDAP authentication. However, if configured to use LDAP authorization, a server which has just used saslauthd may then use its native LDAP implementation to acquire the user's roles for authorization. |
| Comment by Nic Cottrell [ 03/Dec/19 ] |
|
jack.alder - Actually, I just created |