[Date Prev][Date Next]
Re: slap_auxprop: attribute type undefined
Ammar T. Al-Sayegh wrote:
I just installed openldap-2.2.17 with LDAP
auxprop plugin for SASL-enabled servers.
However, authentication is not going through
successfully. Following is the debug message
where I think it's failing:
slap_auxprop: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
send_ldap_result: conn=0 op=0 p=3
SASL [conn=0] Failure: client response doesn't match what we generated
I'm assuming that auxprop is trying to look
for the password in the ldap directory, but
it's not trying to match it with userPassword,
but with cmusaslsecretDIGEST-MD5, which is
a non-existent property. Is this what is
happening? How can I correct this problem?
Is there a way to force it to compare with
It checks for both. You can just ignore the reference to cmusaslsecret*
unless you really want to use it. In Cyrus SASL 2, mechanism-specific
passwords are deperecated anyway and really only needed for the OTP mech.
Your problem here is simply that the value computed from userPassword
doesn't match what the user typed in. Remember that Cyrus and the ldapdb
plugin only works if the userPassword is stored in plain text, not in
any hashed format.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support