Authentication fail | sasl
Hello,
It concerns the following problem:
If I remove the following entry from slapd.conf
access to * by * read
and I do a
ldapsearch -b "dc=0xdef,dc=net" -D "uid=pfeifer,ou=users,dc=0xdef,dc=net" "objectclass=*" -Y digest-md5
ldapsearch returns:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no secret in database
But when I added "access to * by * read", the SASL mechanism is working!
Now I think SASL doesn't have the right access rights to access the user's
LDAP userPassword entry ("no secret in database"), because when there is
worldwide read access the mechanism is OK!?
Here are my slapd.conf entries for access stuff:
suffix "dc=0xdef,dc=net"
rootdn "cn=admin,dc=0xdef,dc=net"
rootpw {SSHA}yVT8vzdssH5+5QlO7RRicsSufwAmCx7v
saslRegexp
    uid=(.*),cn=digest-md5,cn=auth
    uid=$1,cn=users,dc=0xdef,dc=net
access to dn.base="" by * read
access to attribute=userPassword
    by dn="cn=root,dc=0xdef,dc=net" write
    by anonymous auth
    by self write
    by * none
access to dn.subtree="uid=(.*),ou=users,dc=0xdef,dc=net"
    by dn="uid=(.*),ou=users,dc=0xdef,dc=net" write
    by anonymous auth
    by * none
Thanks!
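
As an added example (not part of the original message), this Python sketch applies the saslRegexp from the posted slapd.conf to the identity slapd builds for a DIGEST-MD5 bind, then checks whether the resulting DN matches the -D argument and lies under the ou=users subtree named in the ACLs. The regex handling and DN normalization are simplified assumptions, and the realm value in the second identity is constructed.

```python
import re

# Values copied from the slapd.conf and ldapsearch command in the post.
SASL_PATTERN = r"uid=(.*),cn=digest-md5,cn=auth"
SASL_REPLACE = "uid=$1,cn=users,dc=0xdef,dc=net"
BIND_DN = "uid=pfeifer,ou=users,dc=0xdef,dc=net"
ACL_SUBTREE = "ou=users,dc=0xdef,dc=net"


def normalize(dn):
    """Simplified DN normalization (assumption: no escaped commas in the DN)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def map_sasl_identity(authc_dn, pattern=SASL_PATTERN, replacement=SASL_REPLACE):
    """Rewrite a SASL authentication DN the way a saslRegexp rule would.

    Python's re stands in for slapd's POSIX regex here (assumption); the
    pattern is unanchored and $1..$9 refer to its capture groups.
    """
    m = re.search(pattern, authc_dn, re.IGNORECASE)
    if m is None:
        return None  # no rule matched: the identity stays in cn=auth
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), replacement)


def is_under(dn, base):
    """True if dn equals base or lies in the subtree below it."""
    dn, base = normalize(dn), normalize(base)
    return dn == base or dn.endswith("," + base)


def report(authc_dn):
    """Summarize where one SASL identity ends up relative to the posted ACLs."""
    mapped = map_sasl_identity(authc_dn)
    return {
        "sasl_identity": authc_dn,
        "mapped_dn": mapped,
        "equals_bind_dn": mapped is not None and normalize(mapped) == normalize(BIND_DN),
        "under_acl_subtree": mapped is not None and is_under(mapped, ACL_SUBTREE),
    }


if __name__ == "__main__":
    # Identity without a realm, then with a constructed realm "0xdef.net".
    for identity in ("uid=pfeifer,cn=digest-md5,cn=auth",
                     "uid=pfeifer,cn=0xdef.net,cn=digest-md5,cn=auth"):
        print(report(identity))
```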