
SASL authentication, user not found



Hi, I've just managed to get Cyrus SASL and OpenLDAP talking to each other
properly, and I'm a little confused as to what I've done wrong.

Following is a dump of the relevant information:
**************
[root@LSiaB ldif]# sasldblistusers
user: testuser realm: LSiaB mech: PLAIN
user: testuser realm: LSiaB mech: CRAM-MD5
user: testuser realm: LSiaB mech: DIGEST-MD5

[root@LSiaB ldif]# sasldblistusers2
testuser@LSiaB: userPassword

[root@LSiaB ldif]# ldapsearch -x -b 'o=lsiab.lan' '(objectclass=*)'
# lsiab.lan
dn: o=lsiab.lan
o: lsiab.lan
objectClass: top
objectClass: organization

# admin, lsiab.lan
dn: cn=admin,o=lsiab.lan
cn: admin
objectClass: organizationalRole

# test, lsiab.lan
dn: ou=test,o=lsiab.lan
ou: test
objectClass: organizationalUnit

# testuser, test, lsiab.lan
dn: uid=testuser,ou=test,o=lsiab.lan
uid: testuser
cn: Test User
sn: User
givenName: Test
ou: test
objectClass: Top
objectClass: Person
objectClass: OrganizationalPerson
objectClass: InetOrgPerson

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

[root@LSiaB ldif]# ldapsearch -X 'u:testuser' -b 'o=lsiab.lan'
'(objectclass=*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database

[root@LSiaB ldif]# ldapsearch -X 'dn: uid=testuser,cn=DIGEST-MD5,cn=auth' -b
'o=lsiab.lan' '(objectclass=*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database

--- excerpt from file slapd.conf ---

sasl-regexp
        uid=(.*),cn=.*,cn=auth
        uid=$1,ou=test,o=lsiab.lan
--- eof ---

Cyrus SASL versions
-------------------
cyrus-sasl-gssapi-2.1.10-2
cyrus-sasl-2.1.10-2
cyrus-sasl-md5-2.1.10-2
cyrus-sasl-plain-2.1.10-2

OpenLDAP versions
-----------------
openldap-servers-2.1.8-1
openldap-clients-2.1.8-1
openldap-2.1.8-1
**************
I'm wondering if I'm using the correct name to log in, the correct username
in the sasldb and the correct sasl-regexp.

In a recent post to the mailing list, I saw that

>> sasl-regexp 
>> 	"uid=(.*),cn=digest-md5,cn=auth" 
>> 	"ldap:///dc=rtp,dc=KiNETWORKS,dc=com??sub?cn=$1";

may work better. Would this help in my situation?

Thanks in advance,
Karl
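An added example, not part of Karl's post and not OpenLDAP or Cyrus SASL code: a Python model of the two lookups a SASL bind like the one above goes through, built from the sasldb entry and the sasl-regexp rule quoted in the post. Stage 1 is the Cyrus SASL sasldb lookup keyed on user@realm (the layer that reports "no secret in database"); stage 2 is slapd's sasl-regexp mapping of the authentication DN, which also shows that the greedy `(.*)` swallows the realm component when one is present. The authentication DN form uid=<user>,cn=<realm>,cn=<mech>,cn=auth follows the OpenLDAP admin guide; the lowercased mechanism name is an assumption, and the match is case-insensitive either way.

```python
import re

# Constructed from the sasldblistusers2 output in the post: the key is "user@realm".
SASLDB = {"testuser@LSiaB": "userPassword"}

# The sasl-regexp rule from the post's slapd.conf excerpt ($1 = first capture group).
SASL_REGEXP = ("uid=(.*),cn=.*,cn=auth", "uid=$1,ou=test,o=lsiab.lan")

# Hypothetical alternative pattern: stop the capture at the first comma so a
# realm component cannot leak into $1.
SASL_REGEXP_NONGREEDY = ("uid=([^,]*),cn=.*,cn=auth", "uid=$1,ou=test,o=lsiab.lan")


def sasldb_lookup(user, realm, db=SASLDB):
    """Stage 1: the Cyrus SASL sasldb auxprop plugin looks up user@realm.
    A miss here is what surfaces as 'SASL(-13): user not found: no secret
    in database', before slapd ever applies sasl-regexp."""
    return db.get(f"{user}@{realm}")


def authcid_dn(user, mech, realm=None):
    """Build the authentication DN slapd forms after a successful SASL exchange:
    uid=<user>,cn=<realm>,cn=<mech>,cn=auth, with the cn=<realm> component
    omitted when the mechanism supplied no realm."""
    parts = [f"uid={user}"]
    if realm:
        parts.append(f"cn={realm}")
    parts += [f"cn={mech.lower()}", "cn=auth"]  # lowercase mech: assumption
    return ",".join(parts)


def map_sasl_regexp(dn, pattern, replacement):
    """Stage 2: apply one sasl-regexp rule. slapd compiles the pattern with
    REG_EXTENDED|REG_ICASE, so the match is case-insensitive; $N in the
    replacement is the N-th capture group. Returns None when nothing matches."""
    m = re.match(pattern, dn, re.IGNORECASE)
    if not m:
        return None
    return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), replacement)


if __name__ == "__main__":
    print(sasldb_lookup("testuser", "LSiaB"))       # secret found
    print(sasldb_lookup("testuser", "lsiab.lan"))   # None: realm mismatch
    no_realm = authcid_dn("testuser", "DIGEST-MD5")
    with_realm = authcid_dn("testuser", "DIGEST-MD5", "LSiaB")
    print(map_sasl_regexp(no_realm, *SASL_REGEXP))
    print(map_sasl_regexp(with_realm, *SASL_REGEXP))            # realm leaks into $1
    print(map_sasl_regexp(with_realm, *SASL_REGEXP_NONGREEDY))  # clean mapping
```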