[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL - Digest-MD5



OK

the SASL dn comes into the server like this

uid=jdoe,cn=enterprise.test.com,cn=digest-md5,cn=auth
(if you enable trace debugging in the server (loglevel 1) you'll see the
calls to the sasl-regexp )

so try changing your sasl-regexp line to this

sasl-regexp uid=(.*),cn=enterprise.test.com,cn=digest-md5,cn=auth
	uid=$1,ou=people,dc=enterprise,dc=test,dc=com

and see if it works.

On Tue, 2003-06-03 at 10:50, Jason L W Lynn wrote:
> DISREGARD last message.  By not specifying -H to the ldapsearch,
> ldapsearch took it upon itself (I guess) to query ldap.test.com instead
> of enterprise.test.com (basically) which happened to be an actual
> machine running LDAP, but did not support SASL.
> 
> New problem:
> For simple searches w/o authentication (-x) and by specifying '-H
> ldap://enterprise.test.com' the search works just fine.  Now, if I try
> an authenticated search :
> 
> ldapsearch -v -d -1 -H ldap://enterprise.test.com -U jdoe
> -Y digest-md5 -b 'dc=enterprise,dc=test,dc=com' '(objectClass=*)'
> 
> I am getting the following :
> 
> ldap_sasl_interactive_bind_s: Local error
> 
> This just seems to be getting worse and worse... :)
> 
> Thanks,
> 
> jason
> 
> 
> On Tue, 2003-06-03 at 10:08, Jason L W Lynn wrote:
> > Well, I believe I have gotten a little further.  When I perform a search
> > now, I get the following error(s):
> > 
> > SASL/DIGEST-MD5 authentication started
> > ldap_sasl_interactive_bind_s: Authentication method not supported
> >         additional info: SASL mechanism not supported
> > 
> > Any ideas on why I am getting this error?  I have the following in my
> > slapd.conf file :
> > 
> > sasl-regexp uid=(.*),cn=.*,cn=auth
> >             uid=$1,ou=people,dc=enterprise,dc=test,dc=com
> > password-hash {CLEARTEXT}
> > 
> > The users in LDAP take the following form :
> > uid=jdoe,ou=people,dc=enterprise,dc=test,dc=com.
> > 
> > The search is performed by : ldapsearch -U jdoe -Y digest-md5 -b
> > 'dc=enterprise,dc=test,dc=com' '(objectClass=*)'
> > 
> > Any help would be very much appreciated.  Thanks!
> > 
> > jason
> > 
> > On Mon, 2003-06-02 at 09:07, Jason L W Lynn wrote:
> > > Hello,
> > > 
> > > I'm trying to get SASL working with Digest-MD5.  I believe I have most
> > > everything set up correctly, but I keep getting the error (during a
> > > search) :
> > > 
> > > ldap_sasl_interactive_bind_s: Local error
> > > 
> > > Does this mean that I do not have the SASL entries mapped correctly to
> > > the LDAP entries?  Or does it mean something else alltogether?
> > > 
> > > Thanks,
-- 
Edward Rudd <eddie@omegaware.com>