
Re: SASL authentication, DIGEST-MD5 mechanism (ITS#2685)



The behavior you describe is intended.  That is, the authzDN
need not refer to an entry presently held in the directory.
HEAD includes documentation updates in this area.  If more is
needed, please feel free to offer specific suggestions.

Kurt

At 08:49 AM 8/14/2003, suomi@ayni.com wrote:
>Full_Name: suomi hasler
>Version: openldap-2.1.22-1
>OS: Linux rosetta 2.4.19-4GB
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (195.141.97.126)
>
>
>My config as far as SASL is concerned:
>
>cyrus-sasl2-2.1.7-52
>
>
>
>both userids (peter, suomi) are valid SASL userids with respective password
>defined with 
>saslpassword2 -c peter
>saslpassword2 -c suomi
>
>
>
>
>extract from /usr/local/openldap/etc/openldap/slapd.conf
>
>access to *
>        by dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com"     write
>        by dn="cn=peter,ou=pam-ldap,dc=ayni,dc=com"     write
>        by self write
>        by * read
>
>sasl-realm      rosetta
>sasl-host       localhost
>sasl-secprops   none
>
>sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth
>        cn=$1,ou=pam-ldap,dc=ayni,dc=com
>
>
>My DIT has an entry for cn=suomi,ou=pam-ldap,dc=ayni,dc=com
>
> cn: suomi
> givenName: suomi
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetorgperson
> sn: suomi
> userPassword: {SHA}3F0J9HvIdnzTDaIBp/a4ddwJ4kA=
>
>
>My DIT has NO ENTRY for cn=peter,ou=pam-ldap,dc=ayni,dc=com
>
>All the same the openldap server attributes me FULL CONTROL of the DIT when I
>log in with SASL/DIGEST-MD5 using userid peter and the appropriate password.
>
>If you consider this a feature rather than a bug, I would request to have such
>behaviour well documented. 
>
>Thank you very much
>
>suomi
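The point at issue above can be reproduced offline: slapd rewrites the SASL authentication identity (uid=<user>,cn=<realm>,cn=<mech>,cn=auth) through sasl-regexp and then evaluates the ACL against the resulting DN, whether or not that DN names an existing entry. The following is an added illustration, not code from the thread or from OpenLDAP; it models the reported slapd.conf with a constructed stand-in for the DIT and a simplified first-match ACL evaluator, and adds the audit a directory administrator would want, listing SASL users whose mapped DN has no entry yet is granted write access by name.

```python
import re

# Constructed from the reported slapd.conf: sasl-regexp pattern and replacement.
SASL_REGEXP = (r"uid=(.*),cn=.*,cn=.*,cn=auth",
               "cn=$1,ou=pam-ldap,dc=ayni,dc=com")

# Constructed: the reported 'access to *' clauses, in evaluation order
# (slapd stops at the first 'by' clause that matches the requester).
ACL = [
    ("dn", "cn=suomi,ou=pam-ldap,dc=ayni,dc=com", "write"),
    ("dn", "cn=peter,ou=pam-ldap,dc=ayni,dc=com", "write"),
    ("self", None, "write"),
    ("*", None, "read"),
]

# Constructed stand-in for the DIT: only suomi has an entry, as reported.
DIT = {"cn=suomi,ou=pam-ldap,dc=ayni,dc=com"}


def sasl_authz_dn(username, realm, mech):
    """Rewrite the SASL auth identity the way sasl-regexp does:
    $1.. in the replacement are filled from the pattern's capture groups."""
    ident = f"uid={username},cn={realm},cn={mech},cn=auth"
    pattern, template = SASL_REGEXP
    m = re.fullmatch(pattern, ident)
    if not m:
        return ident  # no rewrite: the raw identity is used as the authzDN
    return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), template)


def access_for(authz_dn, target_dn):
    """Simplified slapd ACL evaluation: the first matching 'by' clause decides.
    Nothing here consults the DIT, which is why a mapped DN with no entry
    still matches a 'by dn=' clause written for it."""
    for who, value, level in ACL:
        if who == "dn" and value.lower() == authz_dn.lower():
            return level
        if who == "self" and authz_dn.lower() == target_dn.lower():
            return level
        if who == "*":
            return level
    return "none"


def audit_mapped_dns(users, realm="rosetta", mech="DIGEST-MD5"):
    """Administrator's check (hypothetical helper): for each SASL user,
    report the mapped DN, whether an entry exists, and the access granted."""
    findings = {}
    for u in users:
        dn = sasl_authz_dn(u, realm, mech)
        findings[u] = (dn, dn in DIT, access_for(dn, "ou=pam-ldap,dc=ayni,dc=com"))
    return findings
```

Running `audit_mapped_dns(["peter", "suomi"])` shows peter mapped to a DN with no entry but still granted write, because the second `by dn=` clause names that DN explicitly; removing or tightening such clauses, or ensuring every mapped DN has a real entry, is the configuration-side fix.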