[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issues in implementing SASL

To: openldap-technical@openldap.org
Subject: Re: Issues in implementing SASL
From: Dieter KlÃnter <dieter@dkluenter.de>
Date: Mon, 30 Jan 2012 15:11:40 +0100
In-reply-to: <CANnGQdgkyEAk5DYMk3GV=GKo2+XVTMgqTvtXdNX7x2pmMmJ29w@mail.gmail.com>
Organization: AVCI
References: <CANnGQdgkyEAk5DYMk3GV=GKo2+XVTMgqTvtXdNX7x2pmMmJ29w@mail.gmail.com>

Am Mon, 30 Jan 2012 17:55:38 +0530
schrieb Gaurav Gugnani <gugnanigaurav@gmail.com>:

> Hello All,
> 
> I'm trying to configure SASL on openldap and did following steps:
> 
> 1> Modify the password of the user:
>      saslpasswd2 -c -u <realm> <username>
> 2> Then i modify slapd.conf:
>     sasl-regexp uid=(.*),cn=<realm>,cn=DIGEST-MD5,cn=auth
> uid=$1,ou=System,o=<realm>
> 3> After this i try to do ldapsearch and it gave me an error:
>     ldap_bind: Server is unwilling to perform (53)
>         additional info: unauthenticated bind (DN with no password)
> disallowed
> 
> Somewhere i read that we have to provide SASL information in
> slapd.conf however when i write below mentioned content - then ldap
> doesn't re-start. dn:uid=<username>,ou=System,o=<realm>
> bindmethod=sasl
> saslmech=DIGEST-MD5
> credentials=<password>
> realm=<realm>
> 
> Please help in resolving SASL mechanism to be used.

you should not store the user password by means of saslpasswd2.
Just create an LDAP entry and add a plaintext password to this entry,
preferably by means of ldappasswd(1).

-Dieter


-- 
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E

References:
- Issues in implementing SASL
  - From: Gaurav Gugnani <gugnanigaurav@gmail.com>

Prev by Date: Re: Search on whole tree gives result, search on subtree not
Next by Date: Re: Search on whole tree gives result, search on subtree not
Index(es):
- Chronological
- Thread