
sasl realms don't work with digest-md5



hi all,

i've got a problem with the sasl authentication using digest-md5 and
multiple realms with my OpenLDAP server 2.3.19 (fc5, yum).

i want to be able to authenticate against different subtrees of the dit
by using different realms and i was reading as many documentation,
howtos and so on as i was able to find at the net for at least the last
7 days. i don't get it running...!

currently, for testing, i use two different realms:

	mydomain.net   (o=home,dc=mydit,dc=lan)
	test.mydomain.net (o=test,dc=mydit,dc=lan)

in the slapd.conf i added:

	# sasl-realm mydomain.net
	
	authz-regexp
		uid=(.*),cn=test.mydomain.net,cn=digest-md5,cn=auth
		uid=$1,ou=users,o=test,dc=ditroot

	authz-regexp
		uid=(.*),cn=mydomain.net,cn=digest-md5,cn=auth
		uid=$1,ou=users,o=home,dc=ditroot

	authz-regexp
		uid=(.*),cn=digest-md5,cn=auth
		uid=$1,ou=users,o=home,dc=ditroot

as you can see, the sasl-realm parameter is commented.
whether or not i comment or uncomment it, it does not work.
(actually it works, but only either for the default realm or through the
last sasl-regexp)

if i set it, all authentication attempts are of the format:

	uid=XY,cn=mydomain.net,cn=digest-md5,cn=auth

if i do not set it, all authentication is done using:

	uid=XY,cn=digest-md5,cn=auth

i really tried a lot, e.g.:
(things like -h, ... are covered by the ldap.conf)

	- ldapwhoami -U XY -R test.mydomain.net
	- ldapwhoami -U XY@test.mydomain.net
	- ldapsearch -U XY -R test.mydomain.net
	- ldap...

of course all of those tests were performed with different -R, ...
values.

i really do not know what to do anymore, i've got no more ideas...

also what i do not understand is whether or not this is a problem with
my cyrus-sasl installation, but i cannot imagine that. i guess i'm
missing something but i don't know what.

can someone help me with this, please?

have a nice day...

d.a.s.
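Added example (not part of the post, and not OpenLDAP code): a small simulator of what slapd does with the three authz-regexp rules above. It builds the SASL authentication DN that slapd forms for a bind (with and without a realm, which is what the sasl-realm setting changes in the post), then runs it through the rules in configuration order, first match wins, substituting $0..$9 from the capture groups. The patterns are searched unanchored, as slapd's regexec does, so the generic third rule also matches a DN that carries a realm; the example shows why it has to come last. Treating the match as case-insensitive is my assumption about slapd's regcomp flags; the rule list, the realms and the uid "XY" are taken from the post.

```python
import re

# Rules copied from the post's slapd.conf, in file order: (pattern, replacement).
AUTHZ_REGEXP_RULES = [
    (r"uid=(.*),cn=test.mydomain.net,cn=digest-md5,cn=auth",
     "uid=$1,ou=users,o=test,dc=ditroot"),
    (r"uid=(.*),cn=mydomain.net,cn=digest-md5,cn=auth",
     "uid=$1,ou=users,o=home,dc=ditroot"),
    (r"uid=(.*),cn=digest-md5,cn=auth",
     "uid=$1,ou=users,o=home,dc=ditroot"),
]


def sasl_auth_dn(uid, realm=None, mech="digest-md5"):
    """Authentication DN slapd derives from a SASL bind:
    uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth.
    The realm RDN is only present when the SASL layer reports a realm
    (e.g. sasl-realm is set, or the client sent one)."""
    parts = ["uid=%s" % uid]
    if realm:
        parts.append("cn=%s" % realm)
    parts += ["cn=%s" % mech, "cn=auth"]
    return ",".join(parts)


def _expand(replacement, match):
    # slapd replaces $0..$9 in the replacement with the regex groups.
    return re.sub(r"\$(\d)",
                  lambda g: match.group(int(g.group(1))) or "",
                  replacement)


def map_authz_dn(auth_dn, rules=AUTHZ_REGEXP_RULES, ignore_case=True):
    """Apply authz-regexp rules in order; the first pattern that matches
    anywhere in the DN wins (unanchored search, like regexec).
    Returns the unmapped DN when no rule matches."""
    flags = re.IGNORECASE if ignore_case else 0  # assumption: ICASE
    for pattern, replacement in rules:
        m = re.search(pattern, auth_dn, flags)
        if m:
            return _expand(replacement, m)
    return auth_dn


def mapping_report(uid="XY"):
    """Show the identity each realm choice ends up with, for the rules
    as written and for the generic rule moved to the top."""
    realms = [None, "mydomain.net", "test.mydomain.net"]
    shadowed = list(reversed(AUTHZ_REGEXP_RULES))  # generic rule first
    return {
        realm: {
            "auth_dn": sasl_auth_dn(uid, realm),
            "as_configured": map_authz_dn(sasl_auth_dn(uid, realm)),
            "generic_rule_first": map_authz_dn(sasl_auth_dn(uid, realm),
                                               shadowed),
        }
        for realm in realms
    }


if __name__ == "__main__":
    for realm, r in mapping_report().items():
        print("realm=%s" % realm)
        for k, v in r.items():
            print("  %-20s %s" % (k, v))
</test>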