[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I cannot auth against SASL

To: openldap-technical@openldap.org
Subject: Re: I cannot auth against SASL
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Thu, 30 Jun 2011 22:22:16 +0200
In-reply-to: <BANLkTimndG+qXrgcWU9O20qQNm6mz3Ew4A@mail.gmail.com>
Organization: AVCI
References: <BANLkTimndG+qXrgcWU9O20qQNm6mz3Ew4A@mail.gmail.com>

Am Thu, 30 Jun 2011 14:59:40 -0300
schrieb Friedrich Locke <friedrich.locke@gmail.com>:

> Hi!
> 
> i am trying to authenticate binding the DN below and it works nicely.
> 
> dn: uid=grios,ou=people,dc=ufv,dc=br
> uid: grios
> objectclass: organizationalrole
> objectclass: posixaccount
> cn: Gustavo Rios
> uidnumber: 2000
> gidnumber: 2000
> homedirectory: /home/grios
> userpassword: {SSHA}dWhcPjgDn4EGb/FwGMYbxx7fIqAuXCN7
> loginshell: /bin/sh
> gecos: Gustavo V G C Rios,,,
> 
> But if i change userpassword attribute to {SASL}grios@UFV.BR it does
> not work when i bind the same DN above.
> Does anybody have an ideia about my mistaken ?

Frankly, I don't understand what you are trying to do.
You either bind by means of simple bind (which is DN and password), or
by a sasl based strong bind. In order to use a strong bind you have
several choices, either openldap's own sasl framework or an external
mechanism that provides authentication.
In order to use SASL authentication by means of openldap's sasl
framework i.e. password and uid based credentials, the stored
userPassword attribute value has to be cleartext, otherwise it is not
possible to create an apropriate challenge.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: I cannot auth against SASL
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- I cannot auth against SASL
  - From: Friedrich Locke <friedrich.locke@gmail.com>

Prev by Date: Re: i am desperated: authentication without success
Next by Date: Re: I cannot auth against SASL
Index(es):
- Chronological
- Thread