[Date Prev][Date Next] [Chronological] [Thread] [Top]


Hello all

I'm trying to get digest-md5 working with passwords stored in openldap
directory instead of sasldb2

According to the doc, it is possible
however, I got an error when I run this :

$ ldapsearch -Y DIGEST-MD5 -U francois -ZZ
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
        additional info: SASL(-13): user not found: no secret in

and in the logs I got this kind of things :
====> cache_find_entry_id( 4 )
"cn=francois,ou=people,dc=enatel,dc=local" (found) (1 tries)
=> access_allowed: search access to
"cn=francois,ou=people,dc=enatel,dc=local" "objectClass" requested
=> acl_mask: access to entry "cn=francois,ou=people,dc=enatel,dc=local",
attr "objectClass" requested
<= check a_dn_pat: self
<= check a_dn_pat: cn=root,dc=enatel,dc=local
<= check a_dn_pat: anonymous
<= acl_mask: [3] applying auth(=x) (stop)
<= acl_mask: [3] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)

then a look up in the sasldb2 file, then the error

I have password-hash {CLEARTEXT} in slapd.conf, and password are
cleartext (I checked)
Here are my acls :

access  to dn=".*,ou=people,dc=enatel,dc=local"
        by self write
        by dn.base="cn=root,dc=enatel,dc=local" write
        by * none

access  to *
        by dn.base="cn=root,dc=enatel,dc=local" write
        by * none

I think there are too restrictive
What is wrong ?