
RE: SASL authentication, user not found



What does DIT mean?? Never heard that before; is it Directory Information
Tree?? Acronym finders are pretty cool ;))

I store my passwords in the SASL database, I think it only stores the
crypts? So how am I supposed to keep them clear text??

Funeral business? Hmm, not a career I'd like. I prefer Linux, it doesn't die
as often.

Thanks Karl

-----Original Message-----
From: Tony Earnshaw [mailto:tonni@billy.demon.nl] 
Sent: 22 March 2003 19:58
To: Karl Lattimer
Cc: OpenLDAP-software@OpenLDAP.org
Subject: RE: SASL authentication, user not found

Sat, 2003-03-22 at 19:06, Karl Lattimer wrote:

> With the SASL regexp set to (In reply to Tony Earnshaw);

Basically, I owe this all (and a lot more :) to Howard Chu anyway, so
always believe him first ... heh ...

> sasl-regexp
>         "uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth"
>         "uid=$1,ou=test,o=lsiab.lan"
> #       "ldap:///o=lsiab.lan??sub?=uid=$1";
> 
> The # is there because I've been trying both with everything I've
> changed.

Well, mine works and I cheesed mine off Howard!

1: Basically, maintain a standard DIT, but keep all userPasswords in
cleartext if you are going to use MD5 (CRAM or DIGEST) SASL;

2: In slapd.conf, use (single line):

sasl-regexp "uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth" "ldap:///o=lsiab.lan??sub?=uid=$1";

3: Search with:

ldapsearch -Y DIGEST-MD5 -U whatever-you-have-as-bind-uid 'uid=uid-you-want-to-search-for*'

Instead of "uid=uid-you-want-to-search-for*", you can put your desired
filter.

If it doesn't work then, they tell me there's a great future in the funeral
business, at the moment.

Best,

Tony

-- 

Tony Earnshaw

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
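
Added example, not part of the original messages: a Python model of the two steps discussed above, the sasl-regexp rewrite of the SASL authentication DN and the RFC 2831 DIGEST-MD5 response check, showing why the server needs the cleartext userPassword to verify a login. The user name, password, nonces, host name and the `{CRYPT}` value are constructed, and Python's `re` stands in for slapd's own matching.

```python
import hashlib
import hmac
import re

# Match pattern from the thread's slapd.conf; Python's re is a stand-in for slapd's matcher.
PATTERN = r"uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth"
# Constructed placeholder for a one-way hashed userPassword value.
HASHED = "{CRYPT}constructed-placeholder-hash"
# Constructed exchange parameters (user, nonces and host name are assumptions).
EXCHANGE = dict(user="karl", realm="LSiaB", nonce="c2VydmVyLW5vbmNl",
                cnonce="Y2xpZW50LW5vbmNl", digest_uri="ldap/ldap.lsiab.lan")

def map_authc_dn(authc_dn, replacement):
    """Model of a sasl-regexp rule: put $1 into the replacement, or None if no match."""
    m = re.search(PATTERN, authc_dn, re.IGNORECASE)
    return replacement.replace("$1", m.group(1)) if m else None

def digest_md5_response(user, realm, secret, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth"):
    """RFC 2831 response-value for qop=auth with no authzid."""
    user_hash = hashlib.md5(f"{user}:{realm}:{secret}".encode()).digest()
    ha1 = hashlib.md5(user_hash + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()

def server_accepts(stored_userpassword, client_response, **exchange):
    """The server can only recompute the response from what userPassword holds."""
    expected = digest_md5_response(secret=stored_userpassword, **exchange)
    return hmac.compare_digest(expected, client_response)

if __name__ == "__main__":
    dn = map_authc_dn("uid=karl,cn=LSiaB,cn=DIGEST-MD5,cn=auth",
                      "uid=$1,ou=test,o=lsiab.lan")
    print("mapped DN:", dn)
    # The client knows the real password and answers the server's challenge.
    response = digest_md5_response(secret="s3cret", **EXCHANGE)
    print("cleartext userPassword accepted:", server_accepts("s3cret", response, **EXCHANGE))
    # With only a one-way hash stored, the same correct login cannot be verified.
    print("hashed userPassword accepted:   ", server_accepts(HASHED, response, **EXCHANGE))
```

The password never crosses the wire in DIGEST-MD5, which is exactly why the server side must hold it (or an equivalent secret) in recoverable form; protect the userPassword attribute with ACLs accordingly.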