

Hi List,

Further to this, I have recompiled and re-installed openldap-2.1.25 with these options, as per one solution offered in the message lists.

CFLAGS="-I/usr/local/BerkeleyDB.4.2/include -I/usr/lib/sasl2" LDFLAGS="-L/usr/local/BerkeleyDB.4.2/lib -L/usr/lib/sasl2" ./configure --prefix=/usr/local/openldap-2.1.25 --sysconfdir=/etc --enable-debug --enable-syslog --with-cyrus-sasl --with-threads --with-tls --enable-slapd --enable-cleartext --enable-spasswd --enable-rewrite --enable-wrappers --enable-bdb --enable-slurpd

Same result, I'm afraid. Also, I set this in the slapd.conf ACL:
access to * by * write

and no change.

Please help.


From: "Ben Booble" <oneoutof100@hotmail.com>
To: OpenLDAP-software@OpenLDAP.org
Date: Fri, 30 Apr 2004 01:58:53 +0000

Hi List,
I have been going through the very good http://www.billy.demon.nl/ guide for postfix sasl ldap howto but have run into a problem.

I am running openldap-2.1.25, cyrus-sasl-2.1.17, Red Hat ES3. I have compiled and installed ldapdb.c according to the readme. In the guide mentioned above, to test the success of the installation you submit this command:

ldapwhoami -Y digest-md5 -U proxyuser -X u:username -H ldap://servername

and the result should be dn:uid=username,ou=people,dc=... showing you can authenticate as the username.
I gather it is something to do with either ACLs or if not that something else. Can someone please look at below and give me a pointer?

My result is: ldap_sasl_interactive_bind_s: Insufficient access (50)

additional info: SASL(-14): authorization failure: not authorized


slap_parseURI: parsing dn.regex:uid=.*,ou=people,dc=cpc
dnNormalize: <dn.regex:uid=.*,ou=people,dc=cpc>
<===slap_sasl_match: comparison returned 21
<==slap_sasl_check_authz: saslAuthzTo check returning 48
<== slap_sasl_authorized: return 48
SASL Authorize [conn=6]:  authorization disallowed (48)
SASL [conn=6] Failure: not authorized

slapd.conf ACL
access to dn=".*,ou=people,dc=cpc"
by self write
by dn="cn=Manager,dc=cpc" write
by dn="uid=admin,ou=people,dc=cpc" read
by * auth
access to dn=".*,ou=Contacts,dc=cpc"
by * write
access to dn="dc=cpc"
by self write
by dn="cn=Manager,dc=cpc" write
by * read
by * auth
by anonymous search
by users read
access to *
by dn="uid=admin,ou=people,dc=cpc" write (added out of frustration)
access to dn=""
by dn="cn=Manager,dc=cpc" write
by dn="uid=admin,ou=people,dc=cpc" read
by self write
by users read
by * none

password-hash   {CLEARTEXT}
#sasl-host servername
sasl-authz-policy to
sasl-realm servername
sasl-secprops noplain noanonymous maxssf=128
sasl-regexp uid=(.*),cn=servername,cn=digest-md5,cn=auth
sasl-regexp uid=(.*),cn=digest-md5,cn=auth

ldapsearch -x -D "uid=admin,ou=people,dc=cpc" -W 'uid=admin' saslauthzto
# admin, people, cpc
dn: uid=admin,ou=people,dc=cpc
saslAuthzTo: dn.regex:uid=.*,ou=people,dc=cpc
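As an added illustration, not code from the original message or from OpenLDAP itself, the following Python model walks through the two steps that the debug output above exercises: first a SASL identity (the authcid, or a `u:` authorization target) is turned into a DN by the sasl-regexp rules, then, under `sasl-authz-policy to`, the authenticating entry's saslAuthzTo values are tested against the requested DN. The replacement side of the sasl-regexp rules (`uid=$1,ou=people,dc=cpc`) and the in-memory directory contents are constructed for this example; the match patterns and the saslAuthzTo value are the ones quoted in the message. Case-insensitive full matching is an assumption of this model, not a statement about slapd internals.

```python
"""Teaching model of slapd's SASL identity mapping and saslAuthzTo check.
Not OpenLDAP code; constructed config and directory values are marked."""
import re

# Constructed sasl-regexp rules: (match pattern, replacement).
# Match patterns are the ones from the message; the replacement strings
# (using $1 for the capture group, as in slapd.conf) are assumed here.
SASL_REGEXP = [
    (r"uid=(.*),cn=servername,cn=digest-md5,cn=auth", "uid=$1,ou=people,dc=cpc"),
    (r"uid=(.*),cn=digest-md5,cn=auth", "uid=$1,ou=people,dc=cpc"),
]

# Constructed directory: DN -> attributes. Only saslAuthzTo matters here;
# the admin entry carries the exact value shown in the ldapsearch output.
DIRECTORY = {
    "uid=admin,ou=people,dc=cpc": {"saslAuthzTo": ["dn.regex:uid=.*,ou=people,dc=cpc"]},
    "uid=proxyuser,ou=people,dc=cpc": {"saslAuthzTo": []},
    "uid=username,ou=people,dc=cpc": {},
}


def sasl_id_to_dn(authcid, mech="digest-md5", realm=None):
    """Build the internal uid=<id>,cn=<realm>,cn=<mech>,cn=auth form and run it
    through the sasl-regexp rules in order; the first matching rule wins.
    Returns None when no rule matches (no DN, so no ACL or authz can apply)."""
    parts = [f"uid={authcid}"]
    if realm:
        parts.append(f"cn={realm}")
    parts += [f"cn={mech}", "cn=auth"]
    internal = ",".join(parts)
    for pattern, repl in SASL_REGEXP:
        m = re.fullmatch(pattern, internal, re.IGNORECASE)
        if m:
            # Expand $1, $2, ... in the replacement with the captured groups.
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), repl)
    return None


def authz_target_to_dn(authzid, mech="digest-md5", realm=None):
    """The -X argument: 'u:name' is mapped like an authcid, 'dn:...' is literal."""
    if authzid.startswith("dn:"):
        return authzid[3:]
    if authzid.startswith("u:"):
        return sasl_id_to_dn(authzid[2:], mech, realm)
    raise ValueError("authzid must start with 'u:' or 'dn:'")


def authz_to_allowed(authc_dn, authz_dn):
    """sasl-authz-policy to: the authenticating entry's saslAuthzTo must hold a
    dn.exact: or dn.regex: rule that matches the requested DN."""
    rules = DIRECTORY.get(authc_dn, {}).get("saslAuthzTo", [])
    for rule in rules:
        if rule.startswith("dn.exact:"):
            if rule[len("dn.exact:"):].lower() == authz_dn.lower():
                return True
        elif rule.startswith("dn.regex:"):
            if re.fullmatch(rule[len("dn.regex:"):], authz_dn, re.IGNORECASE):
                return True
    return False


def proxy_auth(authcid, authzid):
    """Simulate 'ldapwhoami -Y digest-md5 -U <authcid> -X <authzid>'.
    Returns (authc_dn, authz_dn, allowed)."""
    authc_dn = sasl_id_to_dn(authcid)
    authz_dn = authz_target_to_dn(authzid)
    if authc_dn is None or authz_dn is None:
        return authc_dn, authz_dn, False
    return authc_dn, authz_dn, authz_to_allowed(authc_dn, authz_dn)


if __name__ == "__main__":
    for authc, authz in [("admin", "u:username"),
                         ("proxyuser", "u:username"),
                         ("admin", "dn:cn=Manager,dc=cpc")]:
        print(authc, authz, "->", proxy_auth(authc, authz))
```

Run as a script it prints one line per attempt; the case that succeeds is the one where the authenticating identity maps to an entry whose saslAuthzTo regex covers the target DN, which is exactly what `slap_sasl_check_authz` decides before any ACL is consulted.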

