[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL troubles

To: openldap-software@OpenLDAP.org
Subject: SASL troubles
From: Pavel Levshin <flicker@mariinsky.ru>
Date: Fri, 7 Sep 2001 18:33:50 +0400
Organization: Mariinsky Theatre

Hello all,

I'm trying to setup an LDAP server, and there are some difficulties
which I have seen. It is OpenLDAP 2.0.11 with Cyrus SASL 1.5.24, and,
in general, it worked.


First, I applied simple restriction on my database:

access to * by dn=uid=user,dc=mariinsky,dc=ru read

Then I was unable to even bind with ldapsearch. After a hour of
debugging I had figured out that I need:

access to ^$ by * read

for ldapsearch to work correctly. It does anonymous search of
supportedSASLMechanisms before actual bind.


Second, in the Administrator's Guide there are "SASL-based" examples
of rootdn etc:

rootdn     "uid=user@EXAMPLE.COM"

But it does not work. I was needed to investigate the problem and
write:

rootdn     "uid=user+realm=my.sasl.realm"


I'm just wondering, why these not-so-easy things is not documented
anywhere?


WBR, Pavel          mailto:flicker@mariinsky.ru    icq:52216261

Follow-Ups:
- Re: SASL troubles
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Little clue
Next by Date: pam_ldap authentication
Index(es):
- Chronological
- Thread