Re[2]: SASL MD5 - another try

[Alexander Lunyov <lan_mailing@startatom.ru>]

Hello Dieter,

Friday, July 18, 2003, 11:35:05 AM, you wrote:

>> In sasl-regexp was a typo. And also uppercase of DIGEST-MD5. Now
>>     i have
>>
>> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>>         additional info: SASL(-13): user not found: no secret in
>>         database
DK> Did you put the password in plaintext into the entry? Otherwise sasl
DK> couldn't read it.

    Yes, i did. I'm using java LDAPBrowser by Jarek Gawor - it's
    plaintext.

>>     And with -d -1 in the log i don't see, that sasl-regexp are even
>>     touched - it something like searches for user in sasldb only, but
>>     that's not what i'm expecting :( All in vain :(
DK> saslRegexp are loaded into cache when starting slapd, so you probabely
DK> would not see any debugging output. But you could use strace or
DK> whatever you use on your system to follow system calls.

    Hmm... Maybe i should try it.

>>     Once again - now with SASL working - should i compile ldapdb
>>     auxprop plugin? The only thing i want is to get rid of sasldb and,
>>     as it said in Admin's Guide, store secrets in LDAP itself. Or
>>     should i somehow modify LDAP structure? Or should i do what?
DK> auxprop is only used for auxiliary databases like mySQL or posgresql.
DK> Quite frankly I'm a bit lost now, as it works fine for me, with
DK> userid's and credetials either stored in sasldb or in openldap, and I
DK> didn't do any specific modifications.

    Not only, there is auxprop plugin for LDAP, and i have to try it -
    i'll tell you if i fail or win in this case.

>>     How to store secrets in LDAP?
DK> You may use ldappasswd, or create an *.ldif file, or use a graphical
DK> tool like GQ or Ldapbrowser.

    No, i mean how to store SASL secrets in LDAP DB? Maybe i should do
    some configuration over SASL?

-- 
Best regards,
 Alexander                            mailto:lan_mailing@startatom.ru