[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Re[2]: SASL MD5 - another try

Hi Alexander,

Am Fre, 2003-07-18 um 10.30 schrieb Alexander Lunyov:
> Hello Dieter,
> Friday, July 18, 2003, 11:35:05 AM, you wrote:
> >> In sasl-regexp was a typo. And also uppercase of DIGEST-MD5. Now
> >>     i have
> >>
> >> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> >>         additional info: SASL(-13): user not found: no secret in
> >>         database
> DK> Did you put the password in plaintext into the entry? Otherwise sasl
> DK> couldn't read it.
>     Yes, i did. I'm using java LDAPBrowser by Jarek Gawor - it's
>     plaintext.
> >>     And with -d -1 in the log i don't see, that sasl-regexp are even
> >>     touched - it something like searches for user in sasldb only, but
> >>     that's not what i'm expecting :( All in vain :(
> DK> saslRegexp are loaded into cache when starting slapd, so you probabely
> DK> would not see any debugging output. But you could use strace or
> DK> whatever you use on your system to follow system calls.
>     Hmm... Maybe i should try it.
> >>     Once again - now with SASL working - should i compile ldapdb
> >>     auxprop plugin? The only thing i want is to get rid of sasldb and,
> >>     as it said in Admin's Guide, store secrets in LDAP itself. Or
> >>     should i somehow modify LDAP structure? Or should i do what?
> DK> auxprop is only used for auxiliary databases like mySQL or posgresql.
> DK> Quite frankly I'm a bit lost now, as it works fine for me, with
> DK> userid's and credetials either stored in sasldb or in openldap, and I
> DK> didn't do any specific modifications.
>     Not only, there is auxprop plugin for LDAP, and i have to try it -
>     i'll tell you if i fail or win in this case.
> >>     How to store secrets in LDAP?
> DK> You may use ldappasswd, or create an *.ldif file, or use a graphical
> DK> tool like GQ or Ldapbrowser.
>     No, i mean how to store SASL secrets in LDAP DB? Maybe i should do
>     some configuration over SASL?

It just struck my mind, that your problem might be a sasl realm.
As default, sasl takes host.domain.tld als realm, unless defined
Could you test with the cyrus-sasl test suite, if the sasl
authentification string contains the sasl-realm, you provide in your


Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de