
SASL authentication, DIGEST-MD5 mechanism (ITS#2685)

Full_Name: suomi hasler
Version: openldap-2.1.22-1
OS: Linux rosetta 2.4.19-4GB
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

My config as far as SASL is concerned:


Both userids (peter, suomi) are valid SASL userids, with their respective
passwords defined with
saslpasswd2 -c peter
saslpasswd2 -c suomi

extract from /usr/local/openldap/etc/openldap/slapd.conf

access to *
        by dn="cn=suomi,ou=pam-ldap,dc=ayni,dc=com"     write
        by dn="cn=peter,ou=pam-ldap,dc=ayni,dc=com"     write
        by self write
        by * read

sasl-realm      rosetta
sasl-host       localhost
sasl-secprops   none

sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth

My DIT has an entry for cn=suomi,ou=pam-ldap,dc=ayni,dc=com

 cn: suomi
 givenName: suomi
 objectClass: top
 objectClass: person
 objectClass: organizationalperson
 objectClass: inetorgperson
 sn: suomi
 userPassword: {SHA}3F0J9HvIdnzTDaIBp/a4ddwJ4kA=

My DIT has NO ENTRY for cn=peter,ou=pam-ldap,dc=ayni,dc=com

All the same, the openldap server grants me FULL CONTROL of the DIT when I
log in with SASL/DIGEST-MD5 using userid peter and the appropriate password.

If you consider this a feature rather than a bug, I would request that such
behaviour be well documented.

Thank you very much
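Added illustration, not part of the report above and not slapd's own code: a small Python model of what slapd does with the posted configuration. The SASL authentication identity for a DIGEST-MD5 bind has the form uid=<userid>,cn=<realm>,cn=digest-md5,cn=auth; sasl-regexp rewrites it with a regular expression, and the resulting authorization DN is then compared as a string against the ACL's "by dn=" clauses. Two things are assumed here because the report does not show them: the sasl-regexp replacement pattern (taken to be cn=$1,ou=pam-ldap,dc=ayni,dc=com, since the posted line only shows the match half) and the realm rosetta from sasl-realm. The DIT is constructed with only the suomi entry, as in the report.

```python
import re

# Constructed DIT: the only entry that exists, as described in the report.
DIT = {
    "cn=suomi,ou=pam-ldap,dc=ayni,dc=com": {"cn": ["suomi"], "sn": ["suomi"]},
}

# sasl-regexp match pattern from the report; the replacement pattern is an
# ASSUMPTION (the posted line does not show it). A plain-DN replacement is a
# string rewrite: the resulting DN is not looked up in the DIT.
SASL_REGEXP = (r"uid=(.*),cn=.*,cn=.*,cn=auth",
               r"cn=$1,ou=pam-ldap,dc=ayni,dc=com")

SASL_REALM = "rosetta"  # sasl-realm from the report

# ACL from the report, in evaluation order: (who, value, access level).
ACL = [
    ("dn", "cn=suomi,ou=pam-ldap,dc=ayni,dc=com", "write"),
    ("dn", "cn=peter,ou=pam-ldap,dc=ayni,dc=com", "write"),
    ("self", None, "write"),
    ("*", None, "read"),
]


def normalize_dn(dn):
    """Case-insensitive DN comparison form, ignoring whitespace around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def sasl_authz_dn(userid, mech="DIGEST-MD5"):
    """Build the SASL authentication identity and apply sasl-regexp to it."""
    auth_id = f"uid={userid},cn={SASL_REALM},cn={mech.lower()},cn=auth"
    pattern, replacement = SASL_REGEXP
    m = re.fullmatch(pattern, auth_id)
    if not m:
        return auth_id  # identities that match no regexp keep the cn=auth form
    # slapd writes back-references as $1..$9; translate to Python's \1 syntax
    return m.expand(re.sub(r"\$(\d)", r"\\\1", replacement))


def entry_exists(dn):
    """True only if the DN names an entry in the (constructed) DIT."""
    return normalize_dn(dn) in {normalize_dn(d) for d in DIT}


def access(bound_dn, target_dn, acl=ACL):
    """Access level granted by the first 'by' clause matching the bound DN."""
    b, t = normalize_dn(bound_dn), normalize_dn(target_dn)
    for who, value, level in acl:
        if who == "dn" and normalize_dn(value) == b:
            return level      # pure string match: no DIT lookup involved
        if who == "self" and b == t:
            return level
        if who == "*":
            return level
    return "none"


if __name__ == "__main__":
    suomi = "cn=suomi,ou=pam-ldap,dc=ayni,dc=com"
    for user in ("peter", "suomi"):
        dn = sasl_authz_dn(user)
        print(f"{user}: authz DN {dn}, entry exists: {entry_exists(dn)}, "
              f"access to suomi's entry: {access(dn, suomi)}")
    # Same bind, but with the explicit 'by dn=...peter...' clause removed
    without_peter = [c for c in ACL if c[1] != "cn=peter,ou=pam-ldap,dc=ayni,dc=com"]
    print("peter without his ACL clause:",
          access(sasl_authz_dn("peter"), suomi, acl=without_peter))
```

Running it shows peter's bind mapped to cn=peter,ou=pam-ldap,dc=ayni,dc=com, which does not exist in the DIT, yet gets "write" because the second "by dn=" clause matches that string; with that clause removed the same bind falls through "by self" (which never matches a DN with no entry as target) to "by * read".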