Re: ldapadd won't add entry via SASL/DIGEST-MD5

At 01:58 PM 2002-08-28, Gary C. New wrote:
>I was recently able to build cyrus-sasl-2.1.7
>(--with-ldap and --with-mysql) and openldap-2.1.4
>(--with-cyrus-sasl) on a Linux box.
>
>I am now at the point where I am trying to use ldapadd
>to add ldap entries via SASL/DIGEST-MD5 like so:
>
># ldapadd -f test.ldif -D "cn=root,dc=test,dc=org"
>SASL/DIGEST-MD5 authentication started
>Please enter your password: 
>ldap_sasl_interactive_bind_s: Internal (implementation
>specific) error (80)
>        additional info: SASL(-13): user not found: no secret
>in database
>
>When using SASL/DIGEST-MD5 authentication what are the
>typical steps necessary to get ldapadd to work?

The first step is to get the Cyrus SASL sample
client/server working.  Have you done this?

>I've been monitoring the system logs and no errors are
>reported.  Does the rootdn need to be added to the
>sasldb2

No.  But you need to have the user/password in
sasldb2 (if you are using sasldb2 and not some
other credential store).

>(i.e., saslpasswd2 -c root -u test.org)?

IIRC, that's basically right.  But better to follow
Cyrus SASL's sysadmin.html documentation on how to
get their sample client / server working... then
LDAP clients & slapd(8) should work using the same
mechanism / credentials which worked for the sample
client / server.

>It is apparent that this is a user/passwd error, but
>where do I initially add the SASL/DIGEST-MD5 rootdn
>passwd and what would the ldapadd syntax be after
>having created the rootdn account?

Once you have the sample client/server working and
duplicated in ldap clients / server, you can check
the logs to see what DN was associated with the
authenticated user... and for your "root" user,
set the rootdn to the DN associated with that user.

The form of this DN is discussed in the Admin Guide.
The Admin Guide also discusses optional DN mapping
capabilities of slapd(8).

Kurt
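The following is an added example, not part of the original thread and not code from the OpenLDAP or Cyrus SASL projects. It shows the step Kurt describes last: deriving the DN that slapd(8) associates with a SASL-authenticated user so that it can be set as rootdn. It assumes the default SASL identity form used by OpenLDAP 2.1, `uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth` with the mechanism name lowercased and the realm component omitted when no realm is in use; the user name `root` and realm `test.org` are the ones from the thread. The helper functions `sasl_authdn` and `slapd_rootdn_line` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example (not from the original thread): compute the DN that slapd(8)
# assigns to a SASL-authenticated user, which is what rootdn must be set to
# when the directory's root user authenticates via SASL/DIGEST-MD5.
# Assumption: OpenLDAP 2.1 default identity form
#   uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth
# with the mechanism lowercased; the cn=<realm> component is omitted when
# no realm is configured.

# sasl_authdn USER REALM MECHANISM -> prints the SASL-derived DN
# (hypothetical helper; REALM may be empty)
sasl_authdn() {
    user=$1
    realm=$2
    # slapd lowercases the mechanism name in the generated DN
    mech=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    if [ -n "$realm" ]; then
        printf 'uid=%s,cn=%s,cn=%s,cn=auth\n' "$user" "$realm" "$mech"
    else
        printf 'uid=%s,cn=%s,cn=auth\n' "$user" "$mech"
    fi
}

# slapd_rootdn_line USER REALM MECHANISM -> the slapd.conf directive to use
# (hypothetical helper)
slapd_rootdn_line() {
    printf 'rootdn "%s"\n' "$(sasl_authdn "$1" "$2" "$3")"
}

# Walk-through for the user in the thread (no slapd needed to run this):
# 1. put the credential into sasldb2, as in the thread:
#      saslpasswd2 -c root -u test.org
# 2. give slapd.conf a rootdn matching the SASL identity:
slapd_rootdn_line root test.org DIGEST-MD5
# 3. bind via SASL with the same user and realm instead of -D:
#      ldapadd -Y DIGEST-MD5 -U root -R test.org -f test.ldif
```

The DN printed by step 2 is the same value that shows up in the slapd log once the sample Cyrus client/server and then the LDAP bind succeed; comparing the two is the quickest way to confirm the rootdn line and the sasldb2 entry refer to the same identity.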