
Re: PROBLEM: can't use SASL to authentication openldap client



On 05/08/10 16:35 +0800, LI Ji D wrote:
Hi, Klünter
	Now I can use sasl to authenticate, but openldap seems to be using the password attribute stored in the user in openldap to do the sasl. I expect openldap to use sasldb as an external source to do the authentication.
	1. My slapd.conf is below:
include         /usr/local/openldap/schema/core.schema
include         /usr/local/openldap/schema/cosine.schema
include         /usr/local/openldap/schema/inetorgperson.schema
include         /usr/local/openldap/schema/openldap.schema
include         /usr/local/openldap/schema/nis.schema
pidfile         /usr/local/openldap/slapd.1.pid
argsfile        /usr/local/openldap/slapd.1.args
password-hash {CLEARTEXT}
authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth ldap:///ou=people,dc=example,dc=com??one?(cn=$1) binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self

database bdb
suffix   "ou=people,dc=example,dc=com"
rootdn   "cn=admin,ou=people,dc=example,dc=com"
	
	2. I also created slapd.conf at /usr/local/sasl2/lib/sasl2/slapd.conf
Its content is:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: digest-md5

You may have hit the same issue that Brent did. Most likely you will need
to create this file within /usr/lib/sasl2 or /etc/sasl2 instead.

Alternatively, you can set the environment variable SASL_CONF_PATH to
instruct the sasl glue library where to search for config files. See the
man page for sasl_getconfpath_t for details.

--
Dan White
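
An added diagnostic, not part of the original thread: it resolves which `slapd.conf` a colon-separated SASL config path would select and prints the three settings from the quoted file. It assumes directories are tried in order with the first match used, and that the default path is the two directories named in the reply (the compiled-in default varies by build); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the default search path is the two directories
# suggested in the reply; a real build's compiled-in default may differ.
DEFAULT_SASL_CONF_PATH="/usr/lib/sasl2:/etc/sasl2"

# find_sasl_conf APP [PATH]
# Prints the first readable <dir>/<APP>.conf on PATH (colon-separated).
# PATH defaults to $SASL_CONF_PATH, then to DEFAULT_SASL_CONF_PATH.
# Returns 1 when no directory holds the file.
find_sasl_conf() {
    app=$1
    path=${2:-${SASL_CONF_PATH:-$DEFAULT_SASL_CONF_PATH}}
    old_ifs=$IFS
    IFS=:
    for dir in $path; do
        if [ -n "$dir" ] && [ -r "$dir/$app.conf" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$app.conf"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# sasl_conf_get FILE KEY
# Prints the value of the first "KEY: value" line, trailing blanks removed.
sasl_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# report_sasl_conf APP
# Shows which file would be selected and the settings relevant to this thread.
report_sasl_conf() {
    conf=$(find_sasl_conf "$1") || {
        echo "no $1.conf found on the search path; SASL defaults apply"
        return 1
    }
    echo "config file: $conf"
    for key in pwcheck_method auxprop_plugin mech_list; do
        echo "  $key = $(sasl_conf_get "$conf" "$key")"
    done
}

report_sasl_conf slapd || true
```

Run it as the account and with the environment that slapd starts under, since `SASL_CONF_PATH` set in an interactive shell may not be present in the daemon's environment.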