[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL authentication, user not found

What does DIT mean?? Never heard that before is it Directory Information
Tree?? Acronym finders are pretty cool ;)) 

I store my passwords in the SASL database, I think it only stores the
crypts? So how am I supposed to keep them clear text??

Funeral business? Hmm not a career I'd like, I prefer linux, it doesn't die
as often.

Thanks Karl

-----Original Message-----
From: Tony Earnshaw [mailto:tonni@billy.demon.nl] 
Sent: 22 March 2003 19:58
To: Karl Lattimer
Cc: OpenLDAP-software@OpenLDAP.org
Subject: RE: SASL authentication, user not found

lør, 2003-03-22 kl. 19:06 skrev Karl Lattimer:

> With the SASL regexp set to (In reply to Tony Earnshaw);

Basically, I owe this all (and a lot more :) to Howard Chu anyway, so
always believe him first ... heh ...

> sasl-regexp
>         "uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth"
>         "uid=$1,ou=test,o=lsiab.lan"
> #       "ldap:///o=lsiab.lan??sub?=uid=$1";
> The # is there because I've been trying both with every thing I've

Well, mine works and I cheesed mine off Howard!

1: Basically, maintain a standard DIT, but keep all userPassword s in
cleartext if you are going to use MD5 (CRAM or DIGEST) SASL;

2: In slapd.conf, use (single line):

"uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth" "ldap:///o=lsiab.lan??sub?=uid=$1";

3: Search with:

ldapsearch -Y DIGEST-MD5 -U whatever-you-have-as-bind-uid

Instead of "uid=uid-you-want-to-search-for*", you can put your desired

If it doesn't work then, they tell me there's a great future in the funeral
business, at the moment.




Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl