Problems with SASL & openLDAP



Another newbie problem

I have openLDAP 2.1.22 installed on a RH9 machine with cyrus-sasl-2.1.10-4.

I have added users to the openLDAP database using cleartext passwords as follows

dn: cn=First User,ou=MemberGroupA,dc=example,dc=com
ou: MemberGroupA
cn: First User
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: firstuser
userPassword: cleartext
etc.

I have made an entry in slapd.conf following the guides:

password-hash {CLEARTEXT}

# database access control definitions
access to attr=userPassword
         by self write
         by anonymous auth
         by dn.base="cn=Manager,dc=exmaple,dc=com" write
         by * none

If I use the standard "/etc/init.d/saslauthd start", a "ps -ef | grep sasl" gives:

root 22723 1 0 Aug18 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd/mux -a shadow

When I try to change the ldappasswd I get the following

[root@test root]# ldappasswd firstuser
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
       additional info: SASL(-13): user not found: no secret in database

I have not yet gone on to the "Mapping Authentication identities to LDAP entries" section of the openLDAP SASL guide. However, I am unclear whether the starting of saslauthd using the "-a shadow" shown above is correct.

The sasl2 libraries are all there as expected in /usr/lib/sasl2, trying to use saslpasswd2 also gives errors!!!

Am I treading the correct path, or have I made a dumbo error already? I am leaning towards a sasl/ldap config issue given the "secret in database" error given above when the ldappasswd command is entered.

Cheers

Greg

--
Support Engineer