SASL authentication, DIGEST-MD5 mechanism (ITS#2685)
Full_Name: suomi hasler
Version: openldap-2.1.22-1
OS: Linux rosetta 2.4.19-4GB
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.141.97.126)
My config as far as SASL is concerned:

cyrus-sasl2-2.1.7-52

Both userids (peter, suomi) are valid SASL userids with respective passwords
defined with

    saslpasswd2 -c peter
    saslpasswd2 -c suomi

Extract from /usr/local/openldap/etc/openldap/slapd.conf:

    access to *
        by dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com" write
        by dn="cn=peter,ou=pam-ldap,dc=ayni,dc=com" write
        by self write
        by * read
    sasl-realm rosetta
    sasl-host localhost
    sasl-secprops none
    sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth
        cn=$1,ou=pam-ldap,dc=ayni,dc=com

My DIT has an entry for cn=suomi,ou=pam-ldap,dc=ayni,dc=com:

    cn: suomi
    givenName: suomi
    objectClass: top
    objectClass: person
    objectClass: organizationalperson
    objectClass: inetorgperson
    sn: suomi
    userPassword: {SHA}3F0J9HvIdnzTDaIBp/a4ddwJ4kA=

My DIT has NO ENTRY for cn=peter,ou=pam-ldap,dc=ayni,dc=com.

All the same, the OpenLDAP server attributes me FULL CONTROL of the DIT when I
log in with SASL/DIGEST-MD5 using userid peter and the appropriate password.
If you consider this a feature rather than a bug, I would request to have such
behaviour well documented.
Thank you very much
suomi
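
Added example, not part of the original report and not OpenLDAP code: a simplified Python model of the configuration above, auditing which `by dn=... write` clauses are reachable through the sasl-regexp rewrite without a backing DIT entry. It assumes the SASL authentication DN has the form uid=<user>,cn=<realm>,cn=<mech>,cn=auth and models the ACL check as a plain match on the rewritten DN, which is the behaviour the report observes.

```python
import re

# Values copied from the report's slapd.conf extract.
SASL_REGEXP = r"uid=(.*),cn=.*,cn=.*,cn=auth"
REPLACEMENT = r"cn=\1,ou=pam-ldap,dc=ayni,dc=com"  # slapd's $1 written as \1
ACL_WRITE_DNS = {
    "cn=suomi,ou=pam-ldap,dc=ayni,dc=com",
    "cn=peter,ou=pam-ldap,dc=ayni,dc=com",
}
# Entries the report says exist in the DIT.
DIT_ENTRIES = {"cn=suomi,ou=pam-ldap,dc=ayni,dc=com"}


def norm(dn):
    """Simplified DN normalisation: lowercase, trim spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def map_sasl_identity(authn_dn):
    """Apply the sasl-regexp rewrite; None when the rule does not match."""
    m = re.fullmatch(SASL_REGEXP, norm(authn_dn))
    return norm(m.expand(REPLACEMENT)) if m else None


def audit(user, realm="rosetta", mech="digest-md5"):
    """Return (mapped DN, access level, entry exists?) for one SASL user."""
    # Assumed layout of the SASL authentication DN (see lead-in).
    authn_dn = f"uid={user},cn={realm},cn={mech},cn=auth"
    mapped = map_sasl_identity(authn_dn)
    # Model: the ACL compares the mapped DN only; the DIT is never consulted.
    level = "write" if mapped in {norm(d) for d in ACL_WRITE_DNS} else "read"
    exists = mapped in {norm(d) for d in DIT_ENTRIES}
    return mapped, level, exists


def risky_acl_dns():
    """ACL DNs granted write that have no entry in the DIT."""
    present = {norm(e) for e in DIT_ENTRIES}
    return sorted(norm(d) for d in ACL_WRITE_DNS if norm(d) not in present)


if __name__ == "__main__":
    for u in ("suomi", "peter"):
        print(u, audit(u))
    print("write ACLs without an entry:", risky_acl_dns())
```

Any DN flagged by `risky_acl_dns()` is a privilege that depends only on the SASL password store, so either remove that `by dn=` clause or create and manage the corresponding entry.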