[Date Prev][Date Next]
Re: SASL MD5 - another try
Friday, July 18, 2003, 11:35:05 AM, you wrote:
>> In sasl-regexp was a typo. And also uppercase of DIGEST-MD5. Now
>> i have
>> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>> additional info: SASL(-13): user not found: no secret in
DK> Did you put the password in plaintext into the entry? Otherwise sasl
DK> couldn't read it.
Yes, i did. I'm using java LDAPBrowser by Jarek Gawor - it's
>> And with -d -1 in the log i don't see, that sasl-regexp are even
>> touched - it something like searches for user in sasldb only, but
>> that's not what i'm expecting :( All in vain :(
DK> saslRegexp are loaded into cache when starting slapd, so you probabely
DK> would not see any debugging output. But you could use strace or
DK> whatever you use on your system to follow system calls.
Hmm... Maybe i should try it.
>> Once again - now with SASL working - should i compile ldapdb
>> auxprop plugin? The only thing i want is to get rid of sasldb and,
>> as it said in Admin's Guide, store secrets in LDAP itself. Or
>> should i somehow modify LDAP structure? Or should i do what?
DK> auxprop is only used for auxiliary databases like mySQL or posgresql.
DK> Quite frankly I'm a bit lost now, as it works fine for me, with
DK> userid's and credetials either stored in sasldb or in openldap, and I
DK> didn't do any specific modifications.
Not only, there is auxprop plugin for LDAP, and i have to try it -
i'll tell you if i fail or win in this case.
>> How to store secrets in LDAP?
DK> You may use ldappasswd, or create an *.ldif file, or use a graphical
DK> tool like GQ or Ldapbrowser.
No, i mean how to store SASL secrets in LDAP DB? Maybe i should do
some configuration over SASL?