
Authentication fail | sasl

it concerns the following problem:

If I remove the following entry from slapd.conf

access to * by * read

and I do a

ldapsearch -b "dc=0xdef,dc=net" -D "uid=pfeifer,ou=users,dc=0xdef,dc=net" "objectclass=*" -Y digest-md5

ldapsearch returns:

SASL/DIGEST-MD5 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
additional info: SASL(-13): user not found: no secret in database

But when I added "access to * by * read",

the SASL mechanism works!

Now I think SASL doesn't have the right access permissions to read the user's
LDAP userPassword entry ("no secret in database"), because when there is
world-wide read access the mechanism works!?

Here are my slapd.conf entries for the access stuff:

suffix          "dc=0xdef,dc=net"
rootdn          "cn=admin,dc=0xdef,dc=net"
rootpw          {SSHA}yVT8vzdssH5+5QlO7RRicsSufwAmCx7v
access to dn.base="" by * read

access to attribute=userPassword
          by dn="cn=root,dc=0xdef,dc=net" write
          by anonymous auth
          by self write
          by * none

access to dn.subtree="uid=(.*),ou=users,dc=0xdef,dc=net"
          by  dn="uid=(.*),ou=users,dc=0xdef,dc=net" write
          by anonymous auth
          by * none
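A least-privilege alternative to `access to * by * read`, added here as an editorial example and not part of the original mail or the poster's configuration. It keeps the suffix and `ou=users` layout from the post. Two things it changes: the posted `dn.subtree="uid=(.*),..."` clause is a literal string match (no entry is named that, so the rule never applies and the fall-through `by * none` denies everything), whereas `dn.regex=` with `,expand` actually matches per-user DNs; and the users subtree gets `search` for anonymous plus `read` for authenticated users instead of `read` for the world. Which identity slapd uses for the DIGEST-MD5 secret lookup depends on the slapd version, so the `by anonymous search` grant is an assumption to verify against your build; if the lookup still fails, widen only that clause, not the global ACL.

```conf
# Added example (not the poster's config): DIGEST-MD5 without world-readable data.
# Assumes suffix dc=0xdef,dc=net and user entries under ou=users, as in the post.

# Root DSE stays readable so clients can discover supportedSASLMechanisms.
access to dn.base="" by * read

# Passwords: owner and admin may change them, everyone else may only
# present credentials against them ("auth"), never read them back.
# The rootdn bypasses ACLs anyway, so the admin line is for a non-root admin DN.
access to attrs=userPassword
        by dn.exact="cn=admin,dc=0xdef,dc=net" write
        by anonymous auth
        by self write
        by * none

# Per-user entries. dn.regex= is a real regex; $1 is the matched uid.
# "by self write" alone covers the same case, the expand form is shown
# because that is what the posted dn.subtree= clause was trying to do.
# "anonymous search" is the assumption noted above: enough to locate the
# entry for the SASL lookup, but not enough to read attribute values.
access to dn.regex="^uid=([^,]+),ou=users,dc=0xdef,dc=net$"
        by dn.exact,expand="uid=$1,ou=users,dc=0xdef,dc=net" write
        by anonymous search
        by users read
        by * none
```

Order matters: slapd uses the first `access to` clause whose target matches, so the `attrs=userPassword` rule must stay above the per-user rule or the broader `read` grant would expose password hashes to any bound user.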