
SASL DIGEST-MD5 and Realm



Hello,

I am running OpenLDAP v2.3.39 and have some questions
regarding SASL. Is it possible to use realms with
DIGEST-MD5 and no saslauthdb running? I am using ldap
to store the uid and password and authz-regexp
statements to map user ids. However, it seems that
ldap tools do not pass the realm parameter to the
server with my setup.

example:

ldapsearch -Y digest-md5 -U eric -R example.com

slapd debug:

do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=8] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=deploy,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=eric,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=eric,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=eric,cn=digest-md5,cn=auth to a DN

How come the realm parameter is missing?

Here is the authz-regexp I have in slapd.conf:

authz-regexp
    uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth
    ldap:///ou=users,dc=example,dc=com??sub?(&(uid=$1)(objectClass=posixAccount))

Thanks!

Eric
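
Added example, not part of the original message and not OpenLDAP code: a small Python model of the authz-regexp mapping, run against the SASL name from the debug log (no realm component) and against the same name with a realm. Assumptions: Python's `re` stands in for slapd's regex engine with an unanchored, case-insensitive match, and the function names `sasl_name` and `map_identity` are hypothetical.

```python
import re

# The authz-regexp pair from the post: (match pattern, replacement URI).
RULES = [(
    r"uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth",
    "ldap:///ou=users,dc=example,dc=com??sub?(&(uid=$1)(objectClass=posixAccount))",
)]

def sasl_name(user, mech, realm=None):
    """Authentication request DN: uid=<user>[,cn=<realm>],cn=<mech>,cn=auth.
    Lowercased as a simplification of the dnNormalize step seen in the log."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts).lower()

def map_identity(dn, rules=RULES):
    """First matching rule wins; $N in the replacement becomes capture group N.
    Returns (base, scope, filter) of the search URI, or None if no rule matches."""
    for pattern, template in rules:
        # Assumption: unanchored, case-insensitive match.
        m = re.search(pattern, dn, re.IGNORECASE)
        if not m:
            continue
        uri = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), template)
        base, _attrs, scope, flt = uri[len("ldap:///"):].split("?", 3)
        return base, scope, flt
    return None

if __name__ == "__main__":
    # Constructed inputs: the user from the post, without and with a realm.
    for realm in (None, "example.com"):
        dn = sasl_name("eric", "DIGEST-MD5", realm)
        print(dn, "->", map_identity(dn))
```

The realm-less name from the log falls through the rule unmapped, because the pattern requires a `cn=example.com` component. The unescaped `.` in `example.com` matches any character; writing `example\.com` makes the realm match literal.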
