[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL authentication, user not found

lør, 2003-03-22 kl. 19:06 skrev Karl Lattimer:

> With the SASL regexp set to (In reply to Tony Earnshaw);

Basically, I owe this all (and a lot more :) to Howard Chu anyway, so
always believe him first ... heh ...

> sasl-regexp
>         "uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth"
>         "uid=$1,ou=test,o=lsiab.lan"
> #       "ldap:///o=lsiab.lan??sub?=uid=$1";
> The # is there because I've been trying both with every thing I've changed.

Well, mine works and I cheesed mine off Howard!

1: Basically, maintain a standard DIT, but keep all userPassword s in
cleartext if you are going to use MD5 (CRAM or DIGEST) SASL;

2: In slapd.conf, use (single line):

"uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth" "ldap:///o=lsiab.lan??sub?=uid=$1";

3: Search with:

ldapsearch -Y DIGEST-MD5 -U whatever-you-have-as-bind-uid 'uid=uid-you-want-to-search-for*'

Instead of "uid=uid-you-want-to-search-for*", you can put your desired filter.

If it doesn't work then, they tell me there's a great future in the funeral
business, at the moment.




Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl