
Re:



Ben Booble wrote:

Hi List,
I have been going through the very good http://www.billy.demon.nl/ guide for postfix sasl ldap howto but have run into a problem.


I am running openldap-2.1.25, cyrus-sasl-2.1.17, redhat ES3. I have compiled and installed ldapdb.c according to the readme. In the guide mentioned above, to test the success of the installation you submit this command:

ldapwhoami -Y digest-md5 -U proxyuser -X u:username -H ldap://servername

and the result should be dn:uid=username,ou=people,dc=... showing you can authenticate as the username.
I gather it is something to do with either ACLs or if not that something else. Can someone please look at below and give me a pointer?


My result is: ldap_sasl_interactive_bind_s: Insufficient access (50)

additional info: SASL(-14): authorization failure: not authorized

slapd.log....

slap_parseURI: parsing dn.regex:uid=.*,ou=people,dc=cpc

dnNormalize: <dn.regex:uid=.*,ou=people,dc=cpc>


This part of the log is straightforward: slapd is trying to DN-normalize
the string "dn.regex:uid=.*,ou=people,dc=cpc", which of course is not a legal
DN. Note that the "dn.regex" syntax was added to 2.2, but is not yet present
in 2.1; I don't know what documentation you're referring to, but the syntax
of saslAuthz{To|From} attributes has been detailed (with reference to <dnstyles>)
only in the 2.2 slapd.conf(5) man page. See


http://www.openldap.org/lists/openldap-software/200403/msg00178.html

for details.

p.