Re: Re[2]: Problems with SASL & openLDAP






Hi Alexander,

> KS> First, run a "ldapwhoami -Y digest-md5" to see the form of the SASL auth
> KS> DN.  No, 'digest-md5' does not need to be in caps.
>
> KS> might work:
> KS> //with a realm ...
> KS> sasl-regexp
> KS>       uid=(.*),cn=.*,cn=digest-md5,cn=auth
> KS>       ldap:///ou=MemberGroupA,dc=example,dc=com??sub?(uid=$1)

> KS> //without a realm ...
> KS> sasl-regexp
> KS>       uid=(.*),cn=digest-md5,cn=auth
> KS>       ldap:///ou=MemberGroupA,dc=example,dc=com??sub?(uid=$1)
>
>       You have to put mech in uppercase here, cn=DIGEST-MD5, or it
>       won't work.

That's strange.  The SASL auth DN is normalized to lower case according to
my slapd debug output.  Does the output of the ldapwhoami command contain
uppercase too?

Are your software versions older?

My setup:
RedHat 9.0
OpenLDAP 2.1.21
Cyrus-SASL 2.1.13

Greg Wilson's setup:
RedHat 9.0
OpenLDAP 2.1.22
Cyrus-SASL 2.1.10

Cheers,
Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
phone:  1-512-838-9216
e-mail:  dksoper@us.ibm.com
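
Added example, not part of the original message and not OpenLDAP code: a small Python simulation of how the two quoted sasl-regexp rules rewrite a SASL auth DN into a search URL, including what the greedy `(.*)` captures when a realm is present and how the case of the mechanism component changes the result. The function name `map_authc_dn`, the `ignore_case` switch, the strict rule variant and the sample DNs are constructed for illustration; first-match-wins and unanchored matching are assumptions about rule evaluation.

```python
import re

SEARCH = "ldap:///ou=MemberGroupA,dc=example,dc=com??sub?(uid=$1)"

# The two rules quoted in the message, as (pattern, search URL template).
WITH_REALM = (r"uid=(.*),cn=.*,cn=digest-md5,cn=auth", SEARCH)
WITHOUT_REALM = (r"uid=(.*),cn=digest-md5,cn=auth", SEARCH)

# Variant that is NOT from the message: anchored, and the capture
# cannot cross an RDN boundary (no commas allowed in the uid value).
WITHOUT_REALM_STRICT = (r"^uid=([^,]*),cn=digest-md5,cn=auth$", SEARCH)


def map_authc_dn(dn, rules, ignore_case=False):
    """Return the search URL produced by the first rule matching dn, else None.

    Simulation only. ignore_case lets both behaviours discussed in the
    thread (case-sensitive vs. normalized matching) be tried side by side.
    """
    flags = re.IGNORECASE if ignore_case else 0
    for pattern, template in rules:
        m = re.search(pattern, dn, flags)
        if m:
            # Substitute $1..$9 in the template with the captured groups.
            return re.sub(r"\$(\d)",
                          lambda g: m.group(int(g.group(1))), template)
    return None


if __name__ == "__main__":
    # Constructed sample DNs in the form "ldapwhoami -Y digest-md5" reports.
    samples = [
        "uid=kent,cn=example.com,cn=digest-md5,cn=auth",  # with a realm
        "uid=kent,cn=digest-md5,cn=auth",                 # without a realm
        "uid=kent,cn=DIGEST-MD5,cn=auth",                 # uppercase mech
    ]
    for dn in samples:
        print(dn)
        print("  both rules      ->", map_authc_dn(dn, [WITH_REALM, WITHOUT_REALM]))
        print("  no-realm only   ->", map_authc_dn(dn, [WITHOUT_REALM]))
        print("  strict no-realm ->", map_authc_dn(dn, [WITHOUT_REALM_STRICT]))
        print("  ignoring case   ->", map_authc_dn(dn, [WITHOUT_REALM], True))
```

With only the no-realm rule loaded, a DN that carries a realm still matches and `$1` becomes `kent,cn=example.com`, so the resulting filter searches for the wrong uid; the strict variant rejects that DN instead.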