
Problem using PLAIN SASLMechanism
Hi,

I have to configure a second LDAP server to store a big directory. This server should use our primary LDAP server to check the logins.

Here is my problem:

   > ldapsearch -Y PLAIN -W -D uid=root,o=yyy,c=com -b "o=yyy,c=com" -s base supportedSASLMechanisms -d1 -O maxssf=0
   ldap_create
   Enter LDAP Password: ldap_sasl_interactive_bind_s: user selected: PLAIN
   ldap_int_sasl_bind: PLAIN
   ldap_new_connection 1 1 0
   ldap_int_open_connection
   ldap_connect_to_host: TCP 127.0.0.1:389
   ldap_new_socket: 3
   ldap_prepare_socket: 3
   ldap_connect_to_host: Trying 127.0.0.1:389
   ldap_pvt_connect: fd: 3 tm: -1 async: 0
   ldap_int_sasl_open: host=grunix
   ldap_err2string
   ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

I have read that I have to use PLAIN because saslauthd can't use other mechanisms, is that right? The other mechanisms don't work either :-(

Here is the result of the SASL test application:

   > testsaslauthd -s ldap -u root -p yyy -f /var/run/saslauthd/mux
   0: OK "Success."

And here is my configuration:

/usr/lib/sasl2/slapd.conf:

   mech_list: PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL
   pwcheck_method: saslauthd
   saslauthd_path: /var/run/saslauthd/mux
   log_level: 7

Here is my /etc/openldap/slapd.conf:

   include         /etc/openldap/schema/core.schema
   include         /etc/openldap/schema/cosine.schema
   include         /etc/openldap/schema/nis.schema
   include         /etc/openldap/schema/inetorgperson.schema

   pidfile         /var/run/openldap/slapd.pid
   argsfile        /var/run/openldap/slapd.args

   security ssf=0
   sasl-host       127.0.0.1
   sasl-realm      YYY.COM
   sasl-secprops   none

   access to dn.base="" by * read
   access to dn.base="cn=Subschema" by * read

   database        bdb
   suffix          o=yyy,c=com
   rootdn          cn=admin,o=yyy,c=com
   rootpw          secret
   directory       /var/lib/openldap-data
   index           objectClass     eq

   access to dn.subtree="o=yyy,c=com"
       by * read


I have entered "{SASL}root" into the userPassword attribute to forward the password to SASL.

Versions:
   openldap 2.4.10
   cyrus-sasl 2.1.22

Does anyone have an idea what is happening?

regards, Steffen
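An added example, not part of the post and not OpenLDAP or Cyrus SASL code: a small Python linter that parses constructed copies of the two configuration fragments above (the Cyrus SASL slapd.conf and the OpenLDAP slapd.conf) and reports the points a reviewer would check on such a setup: shared-secret mechanisms listed in mech_list that saslauthd can never verify (it only checks plaintext passwords, so only PLAIN and LOGIN reach it), PLAIN/LOGIN allowed with no required SSF so nothing forces TLS, and a subtree access rule that makes userPassword world-readable. Finding tags and the sample configs are my own construction.

```python
# Constructed copies of the two config fragments from the post, used as sample input.
SASL_CONF = """\
mech_list: PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL
pwcheck_method: saslauthd
"""
SLAPD_CONF = """\
security ssf=0
sasl-secprops   none
access to dn.base="" by * read
access to dn.subtree="o=yyy,c=com"
    by * read
"""
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}              # the password itself is sent to the server
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}  # need the secret via auxprop; saslauthd cannot serve them
def parse_sasl_conf(text):
    # Cyrus SASL application config: 'key: value' lines, '#' comments
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, val = line.split(":", 1)
            conf[key.strip()] = val.strip()
    return conf
def parse_slapd_conf(text):
    # slapd.conf: 'directive value' lines; an indented line continues the previous directive
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] = (entries[-1][0], entries[-1][1] + " " + line.strip())
        else:
            parts = line.split(None, 1)
            entries.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return entries
def lint(sasl_text, slapd_text):
    # Returns sorted finding tags for the combined SASL + slapd configuration
    sasl, slapd = parse_sasl_conf(sasl_text), parse_slapd_conf(slapd_text)
    mechs = set(sasl.get("mech_list", "").upper().split())
    findings = set()
    if sasl.get("pwcheck_method") == "saslauthd" and mechs & SHARED_SECRET_MECHS:
        findings.add("saslauthd-cannot-verify-shared-secret-mechs")
    no_protection = any(d == "security" and "ssf=0" in v for d, v in slapd) or \
        any(d == "sasl-secprops" and v == "none" for d, v in slapd)
    if mechs & PLAINTEXT_MECHS and no_protection:
        findings.add("plaintext-mech-without-transport-protection")  # nothing forces TLS for PLAIN/LOGIN
    for d, v in slapd:  # a subtree rule with no attrs= filter and 'by * read' exposes userPassword too
        if d == "access" and v.startswith("to dn.subtree") and "attrs=" not in v and "by * read" in v:
            findings.add("userPassword-world-readable")
    return sorted(findings)
```

Calling `lint(SASL_CONF, SLAPD_CONF)` on the sample returns all three tags; point the parsers at the real files to check a live configuration.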