[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL authentication

To: openldap-technical@openldap.org
Subject: Re: SASL authentication
From: Dieter KlÃnter <dieter@dkluenter.de>
Date: Wed, 15 Feb 2012 10:30:52 +0100
In-reply-to: <CAA3k0p47EpD6k564J1OxiLmE1g0AxfM_DpnMhdXvXUuyrrttwQ@mail.gmail.com>
Organization: AVCI
References: <CAA3k0p47EpD6k564J1OxiLmE1g0AxfM_DpnMhdXvXUuyrrttwQ@mail.gmail.com>

Am Mon, 13 Feb 2012 16:31:02 -0800
schrieb Rakesh Aggarwal <rakesh.aggarwal@gmail.com>:

> Hi! I am using OpenLDAP 2.4.26 and trying DIGEST-MD5 authentication
> using "ldapwhoami". I get the error "SASL(-13): user not found: no
> secret in database". While specifying the user with -U option, bind
> DN was showing empty in the server's trace. I have tried specifying
> complete DN with -D option but the result is the same error.
> 
> User were added using sasldblistusers2 command. sasldblistusers shows
> the users though it has appended the hostname where I issued the add
> command from.
> 
> What am I missing? Can someone point me to working instructions as the
> documentation for configuring SASL with openLdap seems really sparse?

Forget sasldb and other sasl tools, just use openldap's own sasl
configuration. Create appropriate authz-regexp strings in order to
match the users entries, make sure users have an uid attribute and the
value of userPassword is plaintext and not hashed.

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E

References:
- SASL authentication
  - From: Rakesh Aggarwal <rakesh.aggarwal@gmail.com>

Prev by Date: Error - not compiled with SASL support
Next by Date: Re: Error - not compiled with SASL support
Index(es):
- Chronological
- Thread