
SASL authentication and simple bind



Hi,


I am using OpenLDAP (2.0.18), authenticating on a WinNT 
domain PDC via SASL and the PAM_winbind module:

OpenLDAP ==> SASL ==> PAM ==> pam_winbind ==> NT PDC server

SASL mechanism used is PLAIN

SASL secprops has the value NONE in the 'ldap.conf' and 'slapd.conf' files

When using 'ldapsearch' with SASL auth

  (i.e. : 'ldapsearch -L -U MYNTDOMAIN_myntuid -b "mydc"....') 

All works fine: the user NTDOMAIN_myntuid is correctly 
authenticated on my WinNT PDC server, then the ldapsearch 
results are printed.
A trace in the system log confirms that the pam_winbind module has 
granted access.

When I try ldapsearch with simple authentication (with -x and -W flags)

('ldapsearch -L -x -W -D "cn=myname,ou=people,dc=mydc" -b "mydc"....')

result is 
ldap_bind: Invalid credentials

my 'people' database has an entry 

dn: cn=myname,ou=people,dc=mydc 

with a 'userPassword' attribute.

  userPassword: {SASL}MYNTDOMAIN_myntuid

Slapd has SASL spassword enabled (--enable-spasswd) (as mentioned in one of 
Kurt's messages found in this mailing list's history).

Launching slapd in debug mode (-d 255), 
I can verify that the password is typed correctly.
But I can find PAM call trace in the system log. It seems that SASL doesn't 
make the call to the PAM modules

What is misconfigured? What am I doing wrong?
Is the value syntax of the userPassword attribute not correct?

Any help?

Jacques Landru