[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Got error while enabling SASL

Hello All,

I've installed the cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64.rpm package.

Logs:

/root>pluginviewer

Installed SASL (server side) mechanisms are:

CRAM-MD5 ANONYMOUS DIGEST-MD5 PLAIN LOGIN EXTERNAL

......


/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x  -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5

and again started with SASL process (tried several times) but everytime... got an error:
Steps i followed:
1> saslpasswd2 -c sasluser3
2> sasldblistusers2
3> Stop LDAP
4> edit slapd.conf and add following lines:
    password-hash   {CLEARTEXT}
    sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
5> Start LDAP
6> Add account from ldif:
add_sasl_accnt3.ldif
----------------------------
# TEST Account for SASL:
dn: uid=sasluser3,ou=System,o=xyz
uid: sasluser3
ou: System
description: Special account for SASL Testing
userPassword: sasluser3
objectClass: account
objectClass: simpleSecurityObject
7> ldapadd -x -D cn=Manager,o=xyz -W -f add_sasl_accnt3.ldif
8> ldapsearch -Y DIGEST-MD5 -U sasluser3 -b 'o=xyz'
     Or
    ldapsearch -U sasluser5 -b 'o=xyz'

But evrytime got error as:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database

Thks a lot for helping me.

Regards,
Gaurav Gugnani

On Thu, Feb 2, 2012 at 11:13 PM, Gaurav Gugnani <gugnanigaurav@gmail.com> wrote:
Hello,

Thks for helping me out. Yes, the package is missing.

The O/P of plugin viewer:
/u01/app/openldap/product/2.4.26/etc/openldap>pluginviewer
Installed SASL (server side) mechanisms are:
ANONYMOUS PLAIN LOGIN EXTERNAL

And clearly it is not displaying any MD5 SASL mechanism.

Now, i'll try to install package and will try my steps. 

Once again thks a lot for helping.

Regards,
Gaurav Gugnani

On Thu, Feb 2, 2012 at 9:03 PM, Dan White <dwhite@olp.net> wrote:
On 02/02/12 16:24 +0530, Gaurav Gugnani wrote:
Hello,

I too suppose that my package is missing for cyrus-sasl DIGEST MD5.

I'm working on linux 86_64 machine and want to implement DIGEST MD5
mechanism.

Following packages are installed:
/u01/app/openldap/product/2.4.26/etc/openldap>rpm -qa | grep cyrus-sasl
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3

Use pluginviewer (or possibly saslpluginviewer) to verify that digest-md5
is installed. If not, you'll need to find out which package you need from
your distribution's support.

Once installed, and verified using pluginviewer, verify that slapd is
offering the mechanism with:

ldapsearch -x -H ldap://ldap.example.net -s "base" "supportedSASLMechanisms"

Please suggest, if package is missing or will the DIGEST MD% mechanism
works with this cyrus-sasl modules.

Thanks for your help.

Regards,
Gaurav Gugnani


On Thu, Feb 2, 2012 at 4:03 PM, Raffael Sahli <public@raffaelsahli.com>wrote:

 On 02/02/2012 10:40 AM, Gaurav Gugnani wrote:

Hello All,

After some more research into it and reading some more links:

http://www.linuxtopia.org/online_books/network_administration_guides/ldap_administration/sasl_SASL_Authentication.html
http://tldp.org/HOWTO/LDAP-HOWTO/sasl.html

I did some more steps like-
*Step-1:*

In the file slapd.conf i add following lines:
  password-hash   {CLEARTEXT}
  sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=db

And perform ldapsearch in different way:
ldapsearch -Y DIGEST-MD5 -U sasluser2 -b 'o=db'

But again got error as:
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
       additional info: SASL(-4): no mechanism available: No worthy mechs
found

Did you installed the sasl modules? (On debian the package name is
libsasl2-modules )


Please help in getting out of this issue.

Thanks and Regards,
Gaurav Gugnani



--
Raffael Sahlipublic@raffaelsahli.com



--
Dan White