Re: Getting LDAP and SASL (digest-md5) to play nice
Rick Stevens wrote:
> So, SASL is happy with an entry in the sasldb, but obviously that DN
> isn't in the LDAP database. So, I added an authz-regexp:
> Now, ldapwhoami gives me:
> [root@prophead ~]# ldapwhoami -w unix__gort
> SASL/DIGEST-MD5 authentication started
> SASL username: root
> SASL SSF: 128
> SASL installing layers
> Result: Success (0)
> Isn't that grand! That's what I want (I think),

Is that really what you think? Look closely.

> but it requires
> me to put an entry in the sasldb and I don't think that's necessary
> from what I gather from the docs. However, without it, I can't
> authenticate at all, and therefore can't even get to LDAP.
> That being said, even that doesn't appear to be enough as I have an
> access to attrs=userPassword
> by dn="uid=root,ou=people,dc=gbsbilling,dc=com" write

And again, look closely.

> by dn="uid=root,ou=people,dc=gbsbilling,dc=com" write
> by dn="cn=manager,dc=gbsbilling,dc=com" write
> by dn="cn=manager,ou=aliases,dc=gbsbilling,dc=com" write
> by anonymous auth
> by self write
> by * none

Pay attention to what you're doing.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/