[Date Prev][Date Next]
Re: Re: SASL MD5 - another try
Am Fre, 2003-07-18 um 10.30 schrieb Alexander Lunyov:
> Hello Dieter,
> Friday, July 18, 2003, 11:35:05 AM, you wrote:
> >> In sasl-regexp was a typo. And also uppercase of DIGEST-MD5. Now
> >> i have
> >> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> >> additional info: SASL(-13): user not found: no secret in
> >> database
> DK> Did you put the password in plaintext into the entry? Otherwise sasl
> DK> couldn't read it.
> Yes, i did. I'm using java LDAPBrowser by Jarek Gawor - it's
> >> And with -d -1 in the log i don't see, that sasl-regexp are even
> >> touched - it something like searches for user in sasldb only, but
> >> that's not what i'm expecting :( All in vain :(
> DK> saslRegexp are loaded into cache when starting slapd, so you probabely
> DK> would not see any debugging output. But you could use strace or
> DK> whatever you use on your system to follow system calls.
> Hmm... Maybe i should try it.
> >> Once again - now with SASL working - should i compile ldapdb
> >> auxprop plugin? The only thing i want is to get rid of sasldb and,
> >> as it said in Admin's Guide, store secrets in LDAP itself. Or
> >> should i somehow modify LDAP structure? Or should i do what?
> DK> auxprop is only used for auxiliary databases like mySQL or posgresql.
> DK> Quite frankly I'm a bit lost now, as it works fine for me, with
> DK> userid's and credetials either stored in sasldb or in openldap, and I
> DK> didn't do any specific modifications.
> Not only, there is auxprop plugin for LDAP, and i have to try it -
> i'll tell you if i fail or win in this case.
> >> How to store secrets in LDAP?
> DK> You may use ldappasswd, or create an *.ldif file, or use a graphical
> DK> tool like GQ or Ldapbrowser.
> No, i mean how to store SASL secrets in LDAP DB? Maybe i should do
> some configuration over SASL?
It just struck my mind, that your problem might be a sasl realm.
As default, sasl takes host.domain.tld als realm, unless defined
Could you test with the cyrus-sasl test suite, if the sasl
authentification string contains the sasl-realm, you provide in your
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521