[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL MD5 - another try

Hello Alexander,

Alexander Lunyov <lan_mailing@startatom.ru> writes:

> Hello Dieter,
> Thursday, July 17, 2003, 11:20:40 PM, you wrote:
>>> DK> Are you shure, your saslRegexp are correctly set? 
>     Now that's it! At least now it asks for password :) Thanks for
>     opening my eyes!
> DK> For testing purposes just try 
> DK> sasl-regexp uid=(.*),cn=startatom,cn=*,cn=auth
>     I've tried also this, but - see below.
> DK> is node=33(10) a typo? or is in your sasl-regexp a typo.
>     In sasl-regexp was a typo. And also uppercase of DIGEST-MD5. Now
>     i have
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>         additional info: SASL(-13): user not found: no secret in
>         database

Did you put the password in plaintext into the entry? Otherwise sasl
couldn't read it.
>     And with -d -1 in the log i don't see, that sasl-regexp are even
>     touched - it something like searches for user in sasldb only, but
>     that's not what i'm expecting :( All in vain :(

saslRegexp are loaded into cache when starting slapd, so you probabely
would not see any debugging output. But you could use strace or
whatever you use on your system to follow system calls.

>     Once again - now with SASL working - should i compile ldapdb
>     auxprop plugin? The only thing i want is to get rid of sasldb and,
>     as it said in Admin's Guide, store secrets in LDAP itself. Or
>     should i somehow modify LDAP structure? Or should i do what?

auxprop is only used for auxiliary databases like mySQL or posgresql.
Quite frankly I'm a bit lost now, as it works fine for me, with
userid's and credetials either stored in sasldb or in openldap, and I
didn't do any specific modifications.

>     How to store secrets in LDAP?

You may use ldappasswd, or create an *.ldif file, or use a graphical
tool like GQ or Ldapbrowser.


Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de