[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
still "more results to return"
Hi all,
I am running RHEL 3ES (2.4.21-9.EL), openldap-2.1.25, cyrus-sasl-2.1.17.
I have searched everywhere, broken and fixed sasl, read the howto's,
followed the directions. I still get "ldap_sasl_interactive_bind_s:
More results to return" every time I try a DIGEST-MD5 connection to my
ldap server. If I use -x everything is fine.
When I do this from the http://www.tldp.org/HOWTO/LDAP-HOWTO/sasl.html
doco, ldapsearch -U admin@rdnt03 -b 'o=Ever' '(objectclass=*)' (changing
attributes to match my ldap server) I get this result:
"ldap_sasl_interactive_bind_s: No such object"
When I do this: ldapsearch -U admin@doc1.cpc.net.au -b "dc=cpc"
'(objectclass=*)' -Y DIGEST-MD5
I get this result:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: More results to return
Does anyone know what this means? Is this the expected result of
properly configured ldap and sasl server?
slapd.conf
*****************************
password-hash {CLEARTEXT}
sasl-host doc1.cpc.net.au
sasl-secprops noplain noanonymous maxssf=128
#sasl-regexp uid=(.*)cn=doc1.cpc.net.au,cn=digest-md5,cn=auth
uid=$1,ou=people,dc=cpc
sasl-regexp uid=(.*),cn=digest-md5,cn=auth
"ldap:///ou=people,dc=cpc??sub?uid=$1";
*****************************
supported mechs:
*******************************
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: ANONYMOUS
*******************************
It is my understanding that I don't have to saslpasswd2 every user into
the sasldb and that I can authenticate against cleartext passwords
stored only in my ldap server. Am I wrong in this assumption? Where can
I find the definitive howto for openldap and sasl digest-md5. I already
have the O'Reilly book.
Regards,
Dennis
--
dennis <dennis@utiba.com>