
Re: pass through authentication problem




On 2/17/10 5:34 AM, Geoff Baker wrote:
> Hi,
> 
> I have a Red Hat 5 machine that I have compiled openldap-2.4.19 with the --enable-spasswd option. I have configured saslauth to do its thing as per the instructions on http://www.openldap.org/doc/admin24/security.html#Authentication%20Methods 
> 
> I cannot seem to add the userPassword:: {SASL} user@domain part though. If I try to import an LDIF like the following: 
> 
> dc: uid=user,dc=domain
> changetype: modify
> replace: userpassword
> userPassword:: {SASL} user@domain
> 
> I get an error saying ldapmodify: invalid format (line 4) entry: ""
> 
> If I change it to be userpassword: {SASL} user@domain  -  that works but the entry is hashed (is that ok?)
> 
> Then when I try to do a bind with that user account I get invalid credentials... Can somebody please help me try to work out why openldap doesn't seem to be passing on the request to SASL?

The correct format is:

userPassword: {SASL}user@domain

(No spaces between {SASL} and the user@domain parts)

I have this working on RHEL4 with OpenLDAP 2.3 -- I have not been successful (haven't spent a
lot of time trying either) getting openldap-2.4.21 built on RHEL5 to communicate with RHEL5's
sasl, yet.

--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)
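
The two format points in this thread (a double colon in LDIF marks a base64-encoded value per RFC 2849, and nothing may sit between `{SASL}` and the identity) can be checked before running ldapmodify. The following is an added example, not part of the original messages; the function name `check_userpassword` and the sample lines are constructed for illustration.

```python
import base64
import binascii
import re

# Scheme tag followed immediately by the identity, with no whitespace anywhere.
SASL_VALUE = re.compile(r"^\{SASL\}\S+$", re.IGNORECASE)
LDIF_LINE = re.compile(r"^userpassword(::?)[ ]*(.*)$", re.IGNORECASE)


def check_userpassword(line):
    """Return a list of problems for one LDIF userPassword line (empty list = OK)."""
    m = LDIF_LINE.match(line)
    if not m:
        return ["not a userPassword line"]
    sep, raw = m.group(1), m.group(2)
    if sep == "::":
        # '::' tells the LDIF parser that the value is base64, so decode it first.
        try:
            value = base64.b64decode(raw, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return ["'::' requires a base64 value; use a single ':' for plain text"]
    else:
        value = raw
    if not value.upper().startswith("{SASL}"):
        return ["value does not use the {SASL} scheme"]
    if not SASL_VALUE.match(value):
        return ["whitespace after {SASL} or inside the identity"]
    return []


if __name__ == "__main__":
    # Constructed sample lines modelled on the ones quoted in the thread.
    encoded = base64.b64encode(b"{SASL}user@domain").decode("ascii")
    samples = [
        "userPassword:: {SASL} user@domain",  # plain text after '::'
        "userpassword: {SASL} user@domain",   # space after the scheme tag
        "userPassword: {SASL}user@domain",    # the format given in the reply
        "userPassword:: " + encoded,          # same value, base64 form
    ]
    for s in samples:
        print(s, "->", check_userpassword(s) or "OK")
```
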