
RE: PROBLEM: can't use SASL to authentication openldap client




Hi,
  Could you tell me how to read man slapd.conf(5)?
  I tried man slapd.conf(5) and man slapd.conf on the command line, but no entry was found.

-----Original Message-----
From: openldap-technical-bounces@openldap.org [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Dieter Kluenter
Sent: Friday, August 06, 2010 3:55 PM
To: openldap-technical@openldap.org
Subject: Re: PROBLEM: can't use SASL to authentication openldap client

Hi,

"LI Ji D" <Ji.d.Li@alcatel-lucent.com> writes:

> Hi,
> 	I'm using /usr/local/openldap/bin/ldapsearch -U admin -b ou=people,dc=example,dc=com to test SASL authentication, slapd's log is below:
[...]
> bdb_dn2entry("cn=admin,ou=people,dc=example,dc=com")
> slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
> send_ldap_result: conn=2 op=2 p=3
> SASL Authorize [conn=2]:  proxy authorization allowed authzDN=""
> send_ldap_sasl: err=0 len=40
> do_bind: SASL/DIGEST-MD5 bind: dn="cn=admin,ou=people,dc=example,dc=com" sasl_ssf=128
> send_ldap_response: msgid=3 tag=97 err=0
[...]
>>include         /usr/local/openldap/schema/core.schema
>>include         /usr/local/openldap/schema/cosine.schema
>>include         /usr/local/openldap/schema/inetorgperson.schema
>>include         /usr/local/openldap/schema/openldap.schema
>>include         /usr/local/openldap/schema/nis.schema
>>pidfile         /usr/local/openldap/slapd.1.pid
>>argsfile        /usr/local/openldap/slapd.1.args
>>password-hash {CLEARTEXT}
>>authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth ldap:///ou=people,dc=example,dc=com??one?(cn=$1) binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self
[...]

According to the logs and slapd.conf you are initiating a proxy
authorization, but you have not defined such in slapd.conf.
Read man slapd.conf(5) on authz-policy and the authzFrom and authzTo
attribute types.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
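
Added example (not part of the original messages, and not OpenLDAP code): a Python model of how the authz-regexp rule quoted above turns the SASL identity from "ldapsearch -U admin" into the LDAP search that selects the bind DN seen in the log, cn=admin,ou=people,dc=example,dc=com. It also covers the case where the SASL authentication DN carries a realm component (uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth); the realm example.com, TIGHT_MATCH, case-insensitive matching and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Match and replace patterns of the authz-regexp line quoted in the message above.
MATCH = r"uid=(.*),cn=DIGEST-MD5,cn=auth"
REPLACE = "ldap:///ou=people,dc=example,dc=com??one?(cn=$1)"
# Constructed alternative (not from the thread): stop the capture at the first comma.
TIGHT_MATCH = r"uid=([^,]*),(cn=[^,]*,)?cn=DIGEST-MD5,cn=auth"


def sasl_authn_dn(user, mech, realm=None):
    """Build the DN form a SASL identity takes before authz-regexp mapping."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    return ",".join(parts + ["cn=" + mech, "cn=auth"])


def apply_authz_regexp(authn_dn, match=MATCH, replace=REPLACE):
    """Expand $n in the replace pattern from the match groups; None if no match."""
    m = re.search(match, authn_dn, re.IGNORECASE)  # assumed case-insensitive
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)


def parse_ldap_url(url):
    """Split ldap:///base?attrs?scope?filter into the search it describes."""
    fields = (url[len("ldap:///"):].split("?", 3) + ["", "", ""])[:4]
    base, _attrs, scope, flt = (unquote(f) for f in fields)
    return {"base": base, "scope": scope or "base",
            "filter": flt or "(objectClass=*)"}


def search_for(user, realm=None, match=MATCH):
    """Search derived from a DIGEST-MD5 identity, or None if the rule misses."""
    url = apply_authz_regexp(sasl_authn_dn(user, "DIGEST-MD5", realm), match)
    return parse_ldap_url(url) if url else None


if __name__ == "__main__":
    # Identity without a realm: one-level search under ou=people for (cn=admin).
    print(search_for("admin"))
    # With a realm, the greedy (.*) pulls the realm component into the filter.
    print(search_for("admin", realm="example.com"))
    # The tighter pattern captures only the user name in both DN forms.
    print(search_for("admin", realm="example.com", match=TIGHT_MATCH))
```

With the rule as quoted, a realm-bearing identity produces the filter (cn=admin,cn=example.com), which no longer selects the cn=admin entry; this is worth checking when a mapping works for one client and not another.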