
OpenLDAP 2.1.25 and SASL 2.1.13

Hi list

I'm trying to set up an OpenLDAP server with SASL support on OpenBSD 3.4-current.

I added the admin user to the sasl db, which has the same password as the admin user in slapd.conf:

saslpasswd2 -c Manager

And sasldblistusers shows the following:

# /usr/local/sbin/sasldblistusers2
Manager@malaclypse.admin.msys.ch: userPassword
Manager@malaclypse.admin.msys.ch: cmusaslsecretOTP

If I want to do a search with ldapsearch, the following error occurs:

# ldapsearch -Y digest-md5 Manager@malaclypse.admin.msys.ch
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
       additional info: SASL(-13): user not found: no secret in database

So my question: Why can't SASL find the user in its database (I think this is sasldb2.db)? Another strange thing for me is if I create the user root with saslpasswd2. The authentication works, but only with this user root, so if another user wants to authenticate via SASL, this wouldn't work.

slapd.log shows:
getdn: u:id converted to uid=root,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=root,cn=DIGEST-MD5,cn=auth>
=> ldap_bv2dn(uid=root,cn=DIGEST-MD5,cn=auth,0)
<= ldap_bv2dn(uid=root,cn=DIGEST-MD5,cn=auth,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=root,cn=digest-md5,cn=auth,272)=0

Why does openldap always convert the user to root?

best regards
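An added example, not part of the original post and not code from the OpenLDAP or Cyrus SASL projects: a small Python check that reads the two artefacts shown above (the sasldblistusers2 listing and the slapd "getdn: u:id converted to ..." debug line), extracts the authentication identity slapd actually derived from the SASL bind, and reports whether that exact user@realm key exists in sasldb. The sample inputs are constructed to mirror the post; the optional ",cn=<realm>" component in the derived DN is an assumption about OpenLDAP's default SASL-to-DN mapping, since the post's own line shows only the form without a realm.

```python
"""
Cross-check the SASL identity slapd derived for a bind against the
accounts listed in sasldb.

Added example (not from the original list post). Constructed inputs mirror
the shapes in the post: sasldblistusers2 prints "user@realm: property", and
slapd's debug log prints
  getdn: u:id converted to uid=<authcid>[,cn=<realm>],cn=<MECH>,cn=auth
The ",cn=<realm>" part is an assumption about the default mapping; the
post's line shows the no-realm form.
"""
import re

# Constructed sample: output of sasldblistusers2 as quoted in the post.
SASLDB_LISTING = """\
Manager@malaclypse.admin.msys.ch: userPassword
Manager@malaclypse.admin.msys.ch: cmusaslsecretOTP
"""

# Constructed sample: the slapd debug lines quoted in the post.
SLAPD_LOG = """\
getdn: u:id converted to uid=root,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=root,cn=DIGEST-MD5,cn=auth>
"""

# Realm component is optional (assumption about the default mapping).
_GETDN = re.compile(
    r"getdn: u:id converted to uid=(?P<uid>[^,]+)"
    r"(?:,cn=(?P<realm>[^,]+))?,cn=(?P<mech>[^,]+),cn=auth"
)


def parse_sasldb_listing(text):
    """Return {'user@realm': {properties}} from sasldblistusers2 output."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ": " not in line:
            continue
        ident, prop = line.rsplit(": ", 1)
        accounts.setdefault(ident, set()).add(prop)
    return accounts


def parse_sasl_bind_identities(log_text):
    """Extract (uid, realm-or-None, MECH) from slapd getdn lines."""
    found = []
    for line in log_text.splitlines():
        m = _GETDN.search(line)
        if m:
            found.append((m.group("uid"), m.group("realm"),
                          m.group("mech").upper()))
    return found


def check_bind_against_sasldb(log_text, listing_text):
    """For each SASL bind seen in the log, report whether sasldb holds it.

    sasldb keys are always user@realm, so a bind that arrived with no realm
    cannot match any key directly; the report also lists sasldb accounts
    whose user part matches, which makes a realm mismatch visible.
    """
    accounts = parse_sasldb_listing(listing_text)
    report = []
    for uid, realm, mech in parse_sasl_bind_identities(log_text):
        key = uid if realm is None else f"{uid}@{realm}"
        same_name = sorted(a for a in accounts
                           if a.split("@", 1)[0] == uid)
        report.append({
            "uid": uid,
            "realm": realm,
            "mech": mech,
            "in_sasldb": key in accounts,
            "same_user_other_realm": same_name,
        })
    return report


if __name__ == "__main__":
    for entry in check_bind_against_sasldb(SLAPD_LOG, SASLDB_LISTING):
        print(entry)
```

Run against the post's own lines, the report shows the bind identity was uid "root" with no realm, which does not correspond to any key in a sasldb that only holds Manager@malaclypse.admin.msys.ch; feeding it a constructed line of the form uid=Manager,cn=malaclypse.admin.msys.ch,cn=DIGEST-MD5,cn=auth yields a match, so the same check distinguishes a missing account from an identity or realm that simply was not the one sent.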