[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: FW: SASL Authentication & OpenLDAP 2.0.18

To: "Peiry, Stéphane" <stephane.peiry@colt.ch>
Subject: Re: FW: SASL Authentication & OpenLDAP 2.0.18
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 05 Dec 2001 14:42:09 -0800
Cc: "'openldap-software@OpenLDAP.org'" <openldap-software@OpenLDAP.org>
In-reply-to: <6C2EE8F84B9D1B4FAF76DCF997CB8D6A0175DAB1@zrhexc01b.colt.ch >

At 03:52 AM 2001-12-05, Peiry, Stéphane wrote:
>Hi again ;-)
>To make it short:
>
>  when I want a user to be authenticated through SASL I place
>  an entry for him in OpenLDAP giving as password something
>  like:
>    dn: cn=My Name,ou=Friends,o=myorg,dc=mydc
>    ...
>    userpassword: {SASL}theuseruid
>    ...
>
>  If I do 'ldapsearch -LLL -U theuseruid -b "dc=mydc"' then
>  I will have to give the correct password, i.e.: as stored
>  in SASLdb.
>
>  If instead I force to simple authentication:
>
>    ldapsearch -LLL -D "cn=My Name,ou=Friends,o=myorg,dc=mydc"
>             -b "dc=mydc" -W -x
>
>  then I can give as password:  {SASL}theuseruid

You need to provide theuseruid's password.

>So the question is.. what am I doing wrong? (!)

did you enable SASL passwords?  (e.g., --enable-spasswd)

Follow-Ups:
- one slapd to multiple backends LDAP
  - From: Vincent MATHIEU <Vincent.Mathieu@univ-nancy2.fr>

Prev by Date: Entrust and OpenLDAP
Next by Date: PAM LDAP naming context question
Index(es):
- Chronological
- Thread