
[no subject]



Hi List,
I have been going through the very good http://www.billy.demon.nl/ guide for postfix sasl ldap howto but have run into a problem.


I am running openldap-2.1.25, cyrus-sasl-2.1.17, redhat ES3. I have compiled and installed ldapdb.c according to the readme. In the guide mentioned above, to test the success of the installation you submit this command:

ldapwhoami -Y digest-md5 -U proxyuser -X u:username -H ldap://servername

and the result should be dn:uid=username,ou=people,dc=... showing you can authenticate as the username.
I gather it is something to do with either ACLs or if not that something else. Can someone please look at below and give me a pointer?


My result is: ldap_sasl_interactive_bind_s: Insufficient access (50)

additional info: SASL(-14): authorization failure: not authorized

slapd.log....

slap_parseURI: parsing dn.regex:uid=.*,ou=people,dc=cpc
dnNormalize: <dn.regex:uid=.*,ou=people,dc=cpc>
<===slap_sasl_match: comparison returned 21
<==slap_sasl_check_authz: saslAuthzTo check returning 48
<== slap_sasl_authorized: return 48
SASL Authorize [conn=6]:  authorization disallowed (48)
SASL [conn=6] Failure: not authorized

slapd.conf ACL
access to dn=".*,ou=people,dc=cpc"
        attrs=userPassword
        by self write
        by dn="cn=Manager,dc=cpc" write
        by dn="uid=admin,ou=people,dc=cpc" read
        by * auth
access to dn=".*,ou=Contacts,dc=cpc"
        by * write
access to dn="dc=cpc"
        by self write
        by dn="cn=Manager,dc=cpc" write
        by * read
        by * auth
        by anonymous search
        by users read
access to *
        by dn="uid=admin,ou=people,dc=cpc" write (added out of frustration)
access to dn=""
        by dn="cn=Manager,dc=cpc" write
        by dn="uid=admin,ou=people,dc=cpc" read
        by self write
        by users read
        by * none


password-hash   {CLEARTEXT}
#sasl-host servername
sasl-authz-policy to
sasl-realm servername
sasl-secprops noplain noanonymous maxssf=128
sasl-regexp uid=(.*),cn=servername,cn=digest-md5,cn=auth
        uid=$1,ou=people,dc=cpc
sasl-regexp uid=(.*),cn=digest-md5,cn=auth
        "ldap:///ou=people,dc=cpc??sub?uid=$1"

ldapsearch -x -D "uid=admin,ou=people,dc=cpc" -W 'uid=admin' saslauthzto
# admin, people, cpc
dn: uid=admin,ou=people,dc=cpc
saslAuthzTo: dn.regex:uid=.*,ou=people,dc=cpc

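For readers following this thread, here is an added worked model (not slapd's code and not part of the original post) of the two steps slapd performs before it logs "authorization disallowed": first the SASL authentication identity is rewritten to a DN by the sasl-regexp rules, then, because sasl-authz-policy is "to", the saslAuthzTo values on that DN are tested against the DN requested with -X. It assumes the proxy user is uid=admin (the entry the ldapsearch above shows carrying saslAuthzTo), models only the DN-rewrite form of sasl-regexp (the ldap:/// URL form is a directory search and is not performed here), understands only the dn.regex: and dn.exact: value syntaxes, and uses a deliberately simple DN normalisation; the DNs and rules are constructed from the configuration quoted in the post.

```python
import re

# Constructed from the slapd.conf in the post: (pattern, replacement) pairs.
# slapd writes back-references as $1; they are converted to Python's \1 below.
SASL_REGEXPS = [
    (r"uid=(.*),cn=servername,cn=digest-md5,cn=auth", "uid=$1,ou=people,dc=cpc"),
]

# Constructed from the ldapsearch output in the post: saslAuthzTo values per DN.
AUTHZ_TO = {
    "uid=admin,ou=people,dc=cpc": ["dn.regex:uid=.*,ou=people,dc=cpc"],
}


def normalize_dn(dn):
    """Simplified DN normalisation: lower-case, no blanks around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()


def map_sasl_identity(authcid, mech="digest-md5", realm="servername"):
    """Rewrite a SASL identity to an LDAP DN the way the sasl-regexp rules do."""
    sasl_dn = f"uid={authcid},cn={realm},cn={mech},cn=auth"
    for pattern, replacement in SASL_REGEXPS:
        m = re.fullmatch(pattern, sasl_dn, re.IGNORECASE)
        if m:
            py_repl = re.sub(r"\$(\d)", r"\\\1", replacement)
            return normalize_dn(m.expand(py_repl))
    # No rule matched: the identity stays in its cn=auth form.
    return normalize_dn(sasl_dn)


def resolve_authzid(authzid):
    """Turn the ldapwhoami -X value (u:name or dn:...) into the requested DN."""
    if authzid.startswith("u:"):
        return map_sasl_identity(authzid[2:])
    if authzid.startswith("dn:"):
        return normalize_dn(authzid[3:])
    raise ValueError("authzid must start with u: or dn:")


def authz_to_permits(authc_dn, target_dn):
    """Evaluate the authenticated DN's saslAuthzTo values (sasl-authz-policy to)."""
    for rule in AUTHZ_TO.get(normalize_dn(authc_dn), []):
        if rule.startswith("dn.regex:"):
            if re.fullmatch(rule[len("dn.regex:"):], target_dn, re.IGNORECASE):
                return True
        elif rule.startswith("dn.exact:"):
            if normalize_dn(rule[len("dn.exact:"):]) == target_dn:
                return True
        # Any other syntax is ignored here; slapd would reject or not match it.
    return False


def proxy_authorize(authcid, authzid):
    """Return (permitted, authc_dn, target_dn) for 'ldapwhoami -U authcid -X authzid'."""
    authc_dn = map_sasl_identity(authcid)
    target_dn = resolve_authzid(authzid)
    return authz_to_permits(authc_dn, target_dn), authc_dn, target_dn


if __name__ == "__main__":
    # Constructed requests: the proxy user asking for a people entry, the proxy
    # user asking for a Contacts entry, and an ordinary user trying to proxy.
    for authcid, authzid in [("admin", "u:username"),
                             ("admin", "dn:uid=x,ou=Contacts,dc=cpc"),
                             ("username", "u:admin")]:
        ok, authc_dn, target_dn = proxy_authorize(authcid, authzid)
        print(f"{authc_dn} -> {target_dn}: {'authorized' if ok else 'not authorized'}")
```

Running it shows that, with the rules as written, uid=admin is allowed to become any uid under ou=people and nothing else, and a user whose entry carries no saslAuthzTo can proxy to nobody. Whether a live slapd of a given release accepts the dn.regex: spelling is a separate question that the server's own debug output (the slap_parseURI and dnNormalize lines above) answers, not this model.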