
Re: newbie question. SASL auth.



I did it.
Before trying to add SASL auth, I realized how to build a simple LDAP tree.
I have a working configuration.
 #/etc/openldap/slapd.conf
 include         /etc/openldap/schema/core.schema
 include         /etc/openldap/schema/misc.schema
 include         /etc/openldap/schema/cosine.schema
 include         /etc/openldap/schema/inetorgperson.schema
 pidfile         /var/ldap/slapd.pid
 argsfile        /var/ldap/slapd.args
 loglevel        -1
 backend         bdb
 backend         ldap
 database        bdb
 suffix          "o=My Organization,c=RU"
 rootdn          "cn=ldap_admin,o=My Organization,c=RU"
 rootpw          {SSHA}aoVneQqwyoOAHDx89s1AMl8bzqdBzsHU
 directory       /var/ldap/openldap-data
 index           objectClass     eq
 access to attr=userPassword
     by self write
     by anonymous auth
     by dn="cn=ldap_admin,o=My Organization,c=RU" write
     by * none
 access to *
     by self write
     by dn="cn=ldap_admin,o=My Organization,c=RU" write
     by * read

 #dump of
 #ldapsearch -x -b 'o=My Organization,c=RU' '(objectclass=*)'
 # extended LDIF
 #
 # LDAPv3
 # filter: (objectclass=*)
 # requesting: ALL
 #

but regarding SASL uid mapping the documentation is not clear to me. Sorry for 
this...


On Tuesday 27 August 2002 19:32, Tony Earnshaw wrote:
> Tue, 2002-08-27 at 15:57, Ilya Bassine wrote:
> > > rootdn          "uid=root,cn=myorg.ru,cn=auth.cn-digest-md5"
> >
> > replaced by:
> > rootdn          "uid=root,cn=myorg.ru,cn=auth,cn=digest-md5"
>
> I just *cannot* believe that this discussion is going on. You just
> cannot form a DN anything like that.
>
> A DN is like a tree. It begins below, with the root, which can be a
> country (c) or a domain component (dc). It then ascends as a tree would,
> trunk, branch, twig, leaf. Each component is entirely separate. A leaf
> can not be a root. You cannot form a leaf into a root by telling it it's
> a root. I.e., you can't have cn=myorg.ru.
>
> 'Course, it doesn't *have* to be like that, but then as the poster
> discovers by choosing his own hierarchy: Neither is it duty bound to
> work.
>
> Ilya's basic logic is faultless. It's just that he's either never
> studied a plant or a tree. There are enough basic DN components
> available as examples on this list; anyway, what's wrong in trying with
> the examples in the basic slapd.conf that comes with the package and
> reading the admin guide at www.openldap.org?
>
> Take one thing at a time. Begin with rootdn "cn=root,o=myorg,c=ru". Get
> that to work. Add to it as necessary. Leave the auth and digest-md5
> stuff until last - you can't stuff them into your DN anyway, they belong
> somewhere else.
>
> Best,
>
> Tony
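The SASL uid mapping Ilya asks about, as an added example that is not from either poster: a slapd.conf fragment in OpenLDAP 2.1 syntax (the directive was renamed authz-regexp in 2.3) that keeps rootdn an ordinary DN under the suffix from the posted config and maps the SASL authentication identity uid=<user>,cn=myorg.ru,cn=digest-md5,cn=auth onto a real entry. The ou=People container and the user entries under it are assumptions.

```conf
# Added example, not from the thread. OpenLDAP 2.1-era slapd.conf.
# sasl-regexp is a global directive: it must appear BEFORE the first
# "database" line, not inside the database section.
#
# After a successful DIGEST-MD5 bind, slapd builds the authentication identity
#   uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth
# (the cn=<realm> component is absent when the client sent no realm).
# That identity is where "cn=auth" and "cn=digest-md5" belong; they are never
# components of rootdn or of any entry in the tree.
#
# Only the username is captured; realm and mechanism are matched literally,
# so an identity from another realm or mechanism gets no mapping and the bind
# carries no DN. The resulting DN is what the ACLs' "by self" refers to.
# ou=People is an assumed container and the entry uid=<user> must exist there.
sasl-regexp
  uid=([^,]*),cn=myorg.ru,cn=digest-md5,cn=auth
  uid=$1,ou=People,o=My Organization,c=RU

# Alternative: have slapd search for the entry instead of composing the DN.
# The search is confined to one level under ou=People and must return exactly
# one entry, otherwise no mapping takes place.
#sasl-regexp
#  uid=([^,]*),cn=myorg.ru,cn=digest-md5,cn=auth
#  ldap:///ou=People,o=My Organization,c=RU??one?(uid=$1)

# The database section stays exactly as Tony suggests: a plain hierarchical DN.
database        bdb
suffix          "o=My Organization,c=RU"
rootdn          "cn=ldap_admin,o=My Organization,c=RU"
directory       /var/ldap/openldap-data
```

Bind with `ldapsearch -Y DIGEST-MD5 -U <user> -R myorg.ru ...` and check that the mapped DN in the slapd log (loglevel -1 is already set in the posted config) is the intended entry and not rootdn.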