[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL authentication - please help



I've asked this question in three different posts -- will someone just
point myself and the rest of the list to SOME info on replication using
sasl?  Please?

I too have read the mail archives, the faq, and administrators guide and I
have found little info -- for me not enought to make it work.  Please
point us to some documentation that will shed some light.

If there is not already a polished document describing this I volunteer my
time to write one if I can get some help in making it work.

Someone, anyone?

TIA

On Fri, 24 Aug 2001, Tarjei Huse wrote:

> Have you created a saslpasswd file? E.g.:
> ./saslpasswd cyrus
> ?
> You must have done this to let OL check for mechanisms.
> 
> >
> > After 25 hours of work on installing OpenLDAP 2.0.11 with SASL, I'm
> writing
> > to you for help.  I realize this is one of the most commonly asked
> questions
> > on the list. I have already reviewed the 518 posts that are in the list
> > archive (search for "SASL;2001") and have not found my answer.  However, I
> > have printed out and followed the instructions in those that seemed most
> > promising.  I have also reviewed the man pages, the systems administrators
> > guide, an "Exchange Server Replacement How-To", and a "LDAP v3 How-To" by
> > Turbo Fredrikson.
> >
> > I would like to use SASL to encrypt the username & password used in
> > replication.  I don't mind if the rest of the replication traffic goes
> plain
> > text over the wire - user passwords aren't being stored on the LDAP
> server.
> > I don't see any need to install Kerberos.  You'll note in the installation
> > instructions, I specifically mention OpenSSL - I don't believe this is
> > required to use SASL but I've installed it "just in case".
> >
> > My most recent attempt was working on a clean install on a blank hard
> drive.
> > I would like to present you with the problem, and with the steps I have
> taken
> > to install the relevant software.  These steps are being written as part
> of
> > an installation guide for a project I am working on.  So that you know,
> > OpenLDAP, OpenSSL, and Cyrus SASL are all compiled from the most recent
> > source versions.  As well, I confirmed that SASL was working using the
> > sample-server and sample-client programs.  The 'make test' for OpenLDAP
> > completed without error.
> >
> > I am doing this in the hopes that someone who has successfully configured
> > OpenLDAP with SASL will email me with a solution, or some direction to
> take.
> > I have followed what few instructions that I have found to the best of my
> > abilities.
> >
> > Note: this is a long email.  If you feel like skipping down to the next
> > section, use your find command and look for ---
> >
> > ---The problem, as seen from the client machine---
> >
> > [root@server /root]# ldapsearch -x -b "" -s base -LLL
> supportedSASLMechanisms
> > dn:
> >
> > [root@server /root]# ldapsearch -d 2
> > ber_flush: 64 bytes to sd 3
> >   0000:  30 3e 02 01 01 63 39 04  00 0a 01 00 0a 01 00 02
> 0>...c9.........
> >   0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74
> ..........object
> >   0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74
> class0...support
> >   0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73
> edSASLMechanisms
> > ldap_write: want=64, written=64
> >   0000:  30 3e 02 01 01 63 39 04  00 0a 01 00 0a 01 00 02
> 0>...c9.........
> >   0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74
> ..........object
> >   0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74
> class0...support
> >   0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73
> edSASLMechanisms
> > ldap_read: want=1, got=1
> >   0000:  30                                                 0
> > ldap_read: want=1, got=1
> >   0000:  09                                                 .
> > ldap_read: want=9, got=9
> >   0000:  02 01 01 64 04 04 00 30  00                        ...d...0.
> > ldap_read: want=1, got=1
> >   0000:  30                                                 0
> > ldap_read: want=1, got=1
> >   0000:  0c                                                 .
> > ldap_read: want=12, got=12
> >   0000:  02 01 01 65 07 0a 01 00  04 00 04 00               ...e........
> > request 1 done
> > ldap_sasl_interactive_bind_s: No such attribute
> >
> > ---The problem, as seen from the primary LDAP server---
> >
> > [root@ldap openldap]# /usr/local/libexec/slurpd -d 255
> > Config: opening config file "/usr/local/etc/openldap/slapd.conf"
> > Config: (include
> /usr/local/etc/openldap/schema/core.schema)
> > Config: (include
> /usr/local/etc/openldap/schema/cosine.schema)
> > Config: (include
> > /usr/local/etc/openldap/schema/inetorgperson.schema)
> > Config: (include
> /usr/local/etc/openldap/schema/local.schema)
> > Config: (pidfile                /usr/local/var/slapd.pid)
> > Config: (argsfile       /usr/local/var/slapd.args)
> > Config: (loglevel 0)
> > Config: (idletimeout 30)
> > Config: (sizelimit 100)
> > Config: (timelimit 120)
> > Config: (defaultsearchbase "dc=company,dc=com")
> > Config: (schemacheck on)
> > Config: (database       ldbm)
> > Config: (replica host=server.company.com:389
> > binddn="cn=LDAProot,dc=company,dc=com"   bindmethod=sasl
> saslmech=DIGEST-MD5
> >    authcID="server.company.com"   realm=server.company.com
> > credentials="c19vffxx")
> > Config: ** successfully added replica "server.company.com:389"
> > Config: (replogfile     /usr/local/etc/openldap/replog/replog.log)
> > Config: (lastmod                off)
> > Config: (suffix         "dc=company,dc=com")
> > Config: (rootdn         "cn=LDAProot,dc=company,dc=com")
> > Config: (rootpw         {crypt}SAf0p11tbz3MQ)
> > Config: (directory      /usr/local/var/openldap-ldbm)
> > Config: (index  objectClass                             eq,pres)
> > Config: (index  uid                                     eq)
> > Config: (index  cn                                      eq,sub)
> > Config: (index  mail                                    eq,pres,sub)
> > Config: (index  givenName                               eq,sub)
> > Config: (index  sn                                      eq,sub)
> > Config: (index  o                                       eq,sub)
> > Config: (access to attr=userPassword    by dn="cn=LDAPRoot, dc=company,
> > dc=com" write    by * none)
> > Config: (access to *    by anonymous read       by dn="cn=LDAPRoot,
> > dc=company, dc=com" write)
> > Config: (dbnolocking)
> > Config: (dbnosync)
> > Config: (cachesize 10000)
> > Config: (dbcachesize 100000)
> > Config: ** configuration file successfully read and parsed
> > Retrieved state information for server.company.com:389 (timestamp
> 997309400.0)
> > begin replication thread for server.company.com:389
> > Replica server.company.com:389, skip repl record for
> > uid=Roman_Gebhart,ou=Distributors,dc=company,dc=com (old)
> > Initializing session to server.company.com:389
> > ldap_create
> > bind to server.company.com as server.company.com via DIGEST-MD5 (SASL)
> > ldap_interactive_sasl_bind_s: user selected: DIGEST-MD5
> > ldap_int_sasl_bind: DIGEST-MD5
> > ldap_new_connection
> > ldap_int_open_connection
> > ldap_connect_to_host
> > ldap_new_socket: 6
> > ldap_prepare_socket: 6
> > ldap_connect_to_host: Trying 192.168.1.2:389
> > ldap_connect_timeout: fd: 6 tm: -1 async: 0
> > ldap_ndelay_on: 6
> > ldap_is_sock_ready: 6
> > ldap_ndelay_off: 6
> > ldap_int_sasl_open: server.company.com
> > ldap_sasl_bind_s
> > ldap_sasl_bind
> > ldap_send_initial_request
> > ldap_send_server_request
> > ber_flush: 54 bytes to sd 6
> >   0000:  30 34 02 01 01 60 2f 02  01 03 04 1c 63 6e 3d 4c
> 04...`/.....cn=L
> >   0010:  44 41 50 72 6f 6f 74 2c  64 63 3d 73 61 66 65 63
> DAProot,dc=compan
> >   0020:  6f 2c 64 63 3d 63 6f 6d  a3 0c 04 0a 44 49 47 45
> y,dc=com....DIGE
> >   0030:  53 54 2d 4d 44 35                                  ST-MD5
> > ldap_write: want=54, written=54
> >   0000:  30 34 02 01 01 60 2f 02  01 03 04 1c 63 6e 3d 4c
> 04...`/.....cn=L
> >   0010:  44 41 50 72 6f 6f 74 2c  64 63 3d 73 61 66 65 63
> DAProot,dc=compan
> >   0020:  6f 2c 64 63 3d 63 6f 6d  a3 0c 04 0a 44 49 47 45
> y,dc=com....DIGE
> >   0030:  53 54 2d 4d 44 35                                  ST-MD5
> > ldap_result msgid 1
> > ldap_chkResponseList for msgid=1, all=1
> > ldap_chkResponseList returns NULL
> > wait4msg (infinite timeout), msgid 1
> > wait4msg continue, msgid 1, all 1
> > ** Connections:
> > * host: server.company.com  port: 389  (default)
> >   refcnt: 2  status: Connected
> >   last used: Thu Aug 23 12:31:48 2001
> >
> > ** Outstanding Requests:
> >  * msgid 1,  origid 1, status InProgress
> >    outstanding referrals 0, parent count 0
> > ** Response Queue:
> >    Empty
> > ldap_chkResponseList for msgid=1, all=1
> > ldap_chkResponseList returns NULL
> > do_ldap_select
> > read1msg: msgid 1, all 1
> > ber_get_next
> > ldap_read: want=1, got=1
> >   0000:  30                                                 0
> > ldap_read: want=1, got=1
> >   0000:  0c                                                 .
> > ldap_read: want=12, got=12
> >   0000:  02 01 01 61 07 0a 01 07  04 00 04 00               ...a........
> > ber_get_next: tag 0x30 len 12 contents:
> > ber_dump: buf=0x0807f120 ptr=0x0807f120 end=0x0807f12c len=12
> >   0000:  02 01 01 61 07 0a 01 07  04 00 04 00               ...a........
> > ldap_read: message type bind msgid 1, original id 1
> > ber_scanf fmt ({iaa) ber:
> > ber_dump: buf=0x0807f120 ptr=0x0807f123 end=0x0807f12c len=9
> >   0000:  61 07 0a 01 07 04 00 04  00                        a........
> > read1msg:  0 new referrals
> > read1msg:  mark request completed, id = 1
> > request 1 done
> > res_errno: 0, res_error: <>, res_matched: <>
> > ldap_free_request (origid 1, msgid 1)
> > ldap_free_connection
> > ldap_free_connection: refcnt 1
> > ldap_parse_sasl_bind_result
> > ber_scanf fmt ({iaa) ber:
> > ber_dump: buf=0x0807f120 ptr=0x0807f123 end=0x0807f12c len=9
> >   0000:  61 07 0a 01 07 04 00 04  00                        a........
> > ldap_msgfree
> > ldap_err2string
> > Error: LDAP SASL for server.company.com:389 failed: Authentication method
> not
> > supported
> > ldap_unbind
> > ldap_free_connection
> > ldap_send_unbind
> > ber_flush: 7 bytes to sd 6
> >   0000:  30 05 02 01 02 42 00                               0....B.
> > ldap_write: want=7, written=7
> >   0000:  30 05 02 01 02 42 00                               0....B.
> > ldap_free_connection: actually freed
> > fm: exiting
> > Retrying operation for DN uid=roman_g,ou=Distributors,dc=company,dc=com on
> > replica server.company.com:389
> > end replication thread for server.company.com:389
> > slurpd: terminated.[
> >
> > --- Steps to Reproduce ---
> >
> > 1.To begin, insert Red Hat Linux CD 1 in the CD-ROM drive.  Turn off the
> > computer and turn it on again.
> > 2."Welcome to Red Hat Linux 7.1" will appear on screen.  Press the ENTER
> key.
> > 3.Debugging information will appear on screen.  The screen will briefly
> turn
> > blue, and then additional debugging information will appear.  Wait for the
> > Red Hat logo to appear on screen.
> > 4.In Language Selection, confirm that "English" is selected and press
> Next.
> > 5.In Keyboard Configuration, confirm that "Generic 105-key (Intl) PC" is
> > selected. Confirm that U.S. English is selected.  Select "Disable dead
> keys."
> >  Press Next.
> > 6.In Mouse Configuration, select "2 Button Mouse (PS/2)".  Select "Emulate
> 3
> > buttons".  Press next.
> > 7.On the Welcome to Red Hat Linux screen, press Next.
> > 8.In Install Options, select "Server System".
> > 9.In Disk Partitioning, select "Manually partition with Disk Druid" and
> press
> > Next
> > 10.Using the mouse, delete any existing partitions.  Using the Add button,
> > add the following partitions:
> > Mount point: (Not set) Size = 2x Physical RAM in server. Partition Type:
> > Linux Swap.
> > Mount point: /var Size = 650 Partition Type: Linux Native
> > Mount point: / Use remaining space - checked.  Partition Type: Linux
> Native.
> > 11.In Choose Partitions to Format select all partitions.  As well, select
> > "Check for bad blocks while formatting".
> > 12.In Network Configuration, select the eth0 tab.  Clear "Configure using
> > DHCP."   Type in the appropriate values for IP address, NetMask, Network,
> > Broadcast, Hostname, Gateway, and the DNS servers.  If there are multiple
> > NICs in the server, select the eth1, eth2, etc. tabs and set appropriate
> > values.
> > 13.In Firewall Configuration, select "No Firewall".  Later in this guide,
> the
> > Bastille Firewall will be installed. Detailed instructions for how to
> > configure this firewall are provided in the Red Hat Linux Configuration
> > Guide.  Press Next.
> > 14.In Language Support Selection, confirm that "English (USA)" is
> selected.
> > Press Next.
> > 15.In Time Zone Selection, select "America/Vancouver".  Press Next.
> > 16.In Account Configuration, type the Root Password in "Root Password" and
> in
> > "Confirm".  Add a second account admin with the following properties:
> > Account Name: admin
> > Password: (your password)
> > Password (confirm): (your password)
> > Full Name: administrative user
> > Press "Add" to add the new account.  Do not add additional accounts at
> this
> > time.
> > 17.In Selecting Package Groups, confirm that all packages are cleared.
> > Select "Select individual packages", and press Next.
> > 18.The next screen will be titled "Individual Package Selection".  A
> > tree-view of available package categories will appear on the left side of
> the
> > screen, while individual packages appear on the right.
> > Applications - Communications: press "Unselect all in group".
> > Applications - Editors: press "Unselect all in group".
> > Applications - Internet: clear "elm", "fetchmail", "finger", "ftp", "im",
> > "metamail", "ncftp", "nmh", "pine", "rsh", "rsync", "slrn", "talk", and
> > "telnet".
> > Applications - Publishing: clear "ghostscript" and "ghostscript-fonts".
> > Applications - System: clear "isdn4k-utils".  Select "linuxconf" and
> > "mtools".  Clear "rdist".  Select "samba-client" and "samba-common".
> > Development - Libraries - clear openssl-devel
> > System Environment - Base: clear "chkfontpath".
> > System Environment - Daemons: clear "LPRng", "XFree86-xfs", "anonftp",
> > "finger server", "inews", "ppp", "printconf", "rp-ppoe", "rsh-server",
> > "rusers", "rusers-server", "rwall", "rwall-server", "rwho", "talk-server",
> > "telnet-server", "wu-ftpd", and "wvdial".
> > System Environment - Kernel: select "kernel-enterprise".
> > System Environment - Libraries: clear "VFlib2"
> > User Environment - X: clear "urw-fonts" and "xtt-fonts".
> > 17.Press Next.
> > 18.In About to Install, press Next.
> > 19.In Installing Packages, the file system will be formatted.  Packages
> will
> > be copied to the hard disk.  When prompted, insert Red Hat Linux Disk Two
> > into the CD-ROM drive and press Ok.
> > 20.In Boot Disk Creation, insert a blank floppy disk into the floppy drive
> > and press Next.  The boot disk will be created.
> > 21.In Congratulations, remove the floppy disk from the drive.  Label this
> > "BOOT FLOPPY" and do not lose it.  Press Exit.
> > 22.The system will shut down and the CD-ROM will eject.  IMMEDIATELY
> remove
> > the CD-ROM from the drive.
> > 23.Lilo will show.  You do not need to press Enter for Linux to boot.
> > 24.Linux boot messages will show.  Services will start, and network
> > interfaces will start. When "Red Hat Linux release 7.1 (Seawolf)" appears
> on
> > screen, you may continue.
> > Updating Linux with post-release fixes
> > 25.Log in as root.
> > 26.Insert the Project CD-ROM into the CD-ROM drive.
> > 27.Mount the CD-ROM by typing mount /mnt/cdrom
> > 28.Switch to the updates folder of the CD-ROM by typing cd
> /mnt/cdrom/updates
> > 29.Type rpm -Uvh gcc/libstdc++-2.96-85.i386.rpm
> > gcc/libstdc++-devel-2.96-85.i386.rpm and press Enter.
> > 30.Type rpm -Uvh gnupg/gnupg-1.0.6-1.i386.rpm and press Enter.
> > 31.Type rpm -Uvh mount/losetup-2.11b-3.i386.rpm
> mount/mount-2.11b-3.i386.rpm
> > and press Enter.
> > 32.Type  rpm -Uvh xinetd/xinetd-2.3.0-1.71.i386.rpm and press Enter.
> > 33.Type cat /etc/lilo.conf and look for the section that starts with
> > image=/boot/vmlinuz-2.4.2-2 . This indicates which hard disk partition
> Linux
> > is installed on.  Make a note of the line that begins with root= .  For
> > example, root=/dev/hda2 .
> > 34.Type rpm -ivh kernel/i686/kernel-enterprise-2.4.3-12.i686.rpm and press
> > Enter.
> > 35.Type vi /etc/lilo.conf and press Enter.
> > 36.Move the cursor down to the end of the file and press a.  Type the
> > following lines below, replacing /dev/hdaXX with the value you determined
> in
> > step 33.
> > image = /boot/vmlinuz-2.4.3-12
> >   label = linux
> >   root = /dev/hdaXX
> > 37.Find the section that begins with  image=/boot/vmlinuz-2.4.2-2 . Move
> the
> > cursor down to the line that says label = linux .  Modify this line to
> read
> > label = linux.old .
> > 38.Press the Escape key, type :w and press Enter.  Type :q and press
> Enter.
> > 39.Type lilo -v and press Enter.
> > 40.Type cd and press Enter.
> > 41.Type umount mnt/cdrom and press Enter.  You do not need to remove the
> > CD-ROM from the CD-ROM drive.
> > 42.Type cd and press Enter.
> > 43.Type source .bash_profile and press Enter.
> > 44.Type shutdown now -r and press Enter.  The server will reboot.
> > 45.The Lilo screen will be shown with two choices - linux and linux old.
> You
> > do not need to press Enter for the boot sequence to continue.
> > 46.Once again, log in as root.
> > 47.Type mkbootdisk --device /dev/fd0 2.4.3-12 and press Enter.  Press
> Enter a
> > second time.  This updates the boot disk with information about the new
> > kernel.  Label this disk as (servername) Boot Disk
> > Installing Bastille
> > 48.Mount the CD-ROM with the command mount /mnt/cdrom .  Press Enter.
> > 49.Type cd /mnt/cdrom/Bastille/ and press Enter.
> > 50.Type rpm --nodeps -ivh perl-Curses-1.05-2mdk.i586.rpm and press Enter.
> > 51.Type rpm -ivh Bastille-1.2.0-1.1mdk.noarch.rpm
> > Bastille-Curses-module-1.2.0-1.1mdk.noarch.rpm and press Enter.
> > Compiling & Installing OpenSSL libraries
> > 52.Type cp /mnt/cdrom/openssl/openssl-0.9.6b.tar.gz /usr/src and press
> Enter.
> > 53.Type cd /usr/src and press Enter.
> > 54.Type tar -xzvf openssl-0.9.6b.tar.gz  and press Enter.
> > 55.Type cd /openssl-0.9.6b and press Enter.
> > 56.Type ./config --prefix=/usr --openssldir=/usr/lib/ssl and press Enter.
> > 57.Type make -f Makefile.ssl all and press Enter.
> > 58.Type make -f Makefile.ssl install and press Enter.
> > Compiling & Installing Cyrus SASL libraries
> > 59.Type cp /mnt/cdrom/cyrus/cyrus-sasl-1.5.24.tar.gz /usr/src and press
> Enter.
> > 60.Type cd and press Enter.
> > 61.Type umount /mnt/cdrom and press Enter.  You should eject the CD-ROM
> from
> > the CD-ROM drive.
> > 62.Type cd /usr/src and press Enter.
> > 63.Type tar -xzvf cyrus-sasl-1.5.24.tar.gz and press Enter.
> > 64.Type cd cyrus-sasl-1.5.24 and press Enter.
> > 65.Type ./configure --enable-plain --disable-krb4 and press Enter.
> > 66.Type make and press Enter.
> > 67.Type make install and press Enter.
> > 68.Type ln /usr/lib/sasl /usr/local/lib/sasl -d and press Enter.
> > 19.Type linuxconf and press Enter.
> > 20.A welcome screen will appear.  Press Quit (this is not intuitive).
> > 21.Using the cursor keys, select Config - Networking - Client Tasks and
> press
> > Enter.  Select Host Name and IP Network Devices and press Enter.
> > 22.In the "Host Name and Domain" field, input the appropriate server host
> > name (if it's not already there).
> > 23.Press Accept (use either the mouse or the tab key).
> > 24.Press Dismiss.
> > 25.Press Quit.  When prompted, press Do It.
> > 69.Type saslpasswd -c LDAProot and press Enter.  When prompted, enter the
> > password for LDAProot and press Enter.
> > 70.Type sasldblistusers and press Enter.  The output should be as follows:
> > user: LDAProot realm: server.company.com mech: DIGEST-MD5
> > user: LDAProot realm: server.company.com mech: PLAIN
> > user: LDAProot realm: server.company.com mech: CRAM-MD5
> > (where server should be equal to the server name).
> > Compiling & Installing OpenLDAP
> > 71.Type cd../OpenLDAP and press Enter.
> > 72.Type cp openldap-stable-20010524.tgz /usr/src and press Enter.
> > 73.Type cd /usr/src and press Enter.
> > 74.Type tar -xzvf openldap-stable-20010524.tgz and press Enter.
> > 75.Type cd openldap-2.0.11/ and press Enter.
> > 76.Type ./configure --with-cyrus-sasl --enable-spasswd and press Enter.
> > 77.The last line of the output should read Please "make depend" to build
> > dependencies.
> > 78.Type make depend and press Enter.
> > 79.Type make and press Enter.
> > 80.Type make test and press Enter.  This verifies that the software has
> > compiled correctly.
> > 81.Type make install and press Enter.
> >
> > ---The contents of slapd.conf---
> >
> > Please note: this is the slapd.conf from the backup LDAP server.  The
> primary
> > LDAP server has the "replica host" lines uncommented, and the "updatedn" /
> > "updateref" lines commented out.
> >
> >
> > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20
> 23:32:43
> > kurt Exp $
> > #
> > # See slapd.conf(5) for details on configuration options.
> > # This file should NOT be world readable.
> > #
> >
> > sasl-host server.company.com
> > sasl-realm company.COM
> >
> > include /usr/local/etc/openldap/schema/core.schema
> > include /usr/local/etc/openldap/schema/cosine.schema
> > include /usr/local/etc/openldap/schema/inetorgperson.schema
> > include /usr/local/etc/openldap/schema/local.schema
> >
> > # Define global ACLs to disable default read access.
> >
> > # Do not enable referrals until AFTER you have a working directory
> > # service AND an understanding of referrals.
> > #referral ldap://root.openldap.org
> >
> > pidfile /usr/local/var/slapd.pid
> > argsfile /usr/local/var/slapd.args
> >
> > # Load dynamic backend modules:
> > # modulepath /usr/local/libexec/openldap
> > # moduleload back_ldap.la
> > # moduleload back_ldbm.la
> > # moduleload back_passwd.la
> > # moduleload back_shell.la
> >
> > #LDAP_Version_3
> > loglevel 0
> > idletimeout 30
> > sizelimit 100
> > timelimit 120
> > defaultsearchbase "dc=company,dc=com"
> > schemacheck on
> >
> > #######################################################################
> > # ldbm database definitions
> > #######################################################################
> >
> > database ldbm
> > ## REPLICATION OPTIONS
> > #replica host=server.company.com:389
> > # bindmethod=simple
> > # binddn="cn=LDAProot,dc=company,dc=com"
> > # credentials=password
> > updatedn "cn=LDAProot,dc=company,dc=com"
> > updateref "ldap://ldap.company.com";
> >
> > replogfile /usr/local/etc/openldap/replog/replog.log
> > lastmod off
> >
> > suffix "dc=company,dc=com"
> > rootdn "cn=LDAProot,dc=company,dc=com"
> > # Cleartext passwords, especially for the rootdn, should
> > # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> > # Use of strong authentication encouraged.
> > rootpw {SASL}LDAProot
> > # The database directory MUST exist prior to running slapd AND
> > # should only be accessible by the slapd/tools. Mode 700 recommended.
> > directory /usr/local/var/openldap-ldbm
> > # Indices to maintain
> >
> > index objectClass eq,pres
> > index uid eq
> >
> > index cn eq,sub
> > index mail eq,pres,sub
> > index givenName eq,sub
> > index sn eq,sub
> > index o eq,sub
> >
> > #ldbm access control definitions
> > access to attr=userPassword
> > by dn="cn=LDAPRoot, dc=company, dc=com" write
> > by * none
> >
> > access to *
> > by anonymous read
> > by dn="cn=LDAPRoot, dc=company, dc=com" write
> >
> > dbnolocking
> > dbnosync
> > cachesize 10000
> > dbcachesize 100000
> >
> >
> > I look forward to any responses.
> >
> >
> > Kayne McGladrey
> > k.mcgladrey@worldnet.att.net
> >
> >
> 
> 
> 

-- 
Leo Edmiston-Cyr
Network Administrator, PennsWoods.net
http://www.pennswoods.net
814-624-2424 ext. 510