[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL MD5 database setting?

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kent Soper

> I have my slapd.conf complete with sasl-regexp's.  Is there a
> setting or
> special usage to make SASL search LDAP over sasldb for secrets?

slapd will always perform the internal search first, in addition to anything
> When I perform a ldapsearch the server output shows the dn is
> mapped to a valid entry in the directory.

I find this hard to believe; your sasl-regexp is invalid.

> However the process is trying
> to find the
> entry in sasldb and not in my LDAP directory.  The error is:

Yes, it always will try all possible sources unless you create a SASL config
file telling it not to like so:

	auxprop_plugin: slapd

> ldap_sasl_interactive_bind_s:  Internal (implementation
> specific) error
> (80)
>       additional info:  SASL (-13):  user not found: no
> secret in database

This means the user was not found in *any* database, not just sasldb.

> my sasl-regexp:
> sasl-regexp "uid=(.*),cn=cram-md5,cn=auth"
>       "ldaps:///dc=myserver,dc=com??sub?cn=$1,cn=my system"

The search filter in the LDAP URI is incorrect. The use of "ldaps:" for the
scheme specifier is accepted but pointless; since the lookups are done by
internal searches there is no protocol mechanism involved. Just use
"ldap:///"; for consistency's sake, please.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support