
openldap+sasl confusion


I am trying to install OpenLDAP with SASL. The version of OpenLDAP I installed is openldap-2.4.16, whereas the cyrus-sasl version installed is cyrus-sasl-2.1.23. The BerkeleyDB version installed is 4.4.

I followed the guidance in this link to do the installation: http://tldp.org/HOWTO/LDAP-HOWTO/sasl.html However, when I tried to add users defined in an LDIF file, I received an ldap_sasl_interactive_bind_s: Invalid credentials (49) error when I keyed in the password generated for admin using the saslpasswd2 command. I have a few questions:

1. After using saslpasswd2 to create the username and password in the SASL database, do I need to add the entry into the LDAP database with the slappasswd command? When I used the slapadd command and it prompted for a password, does it authenticate against the SASL database or the LDAP database?

2. Do I need to issue saslpasswd2 for each and every user that I want to add into the LDAP database and have authenticated via LDAP?

3. In the slapd.conf file, under rootpw, am I supposed to use the word "secret", the cleartext password that I keyed in using saslpasswd2, or some encrypted password?

4. What is the difference between sasl-regexp and authz-regexp?

5. Let's say I issued saslpasswd2 -c admin to create admin as the LDAP administrator. Does this mean that in slapd.conf the rootdn should be admin, or can it be another name that will be mapped via sasl-regexp/authz-regexp? (Which does it use anyway between these two: sasl-regexp or authz-regexp?)

6. Previously I set up without SASL and it was rather straightforward, merely using slappasswd and saving the encrypted password into slapd.conf. Now I am totally lost with its concept. I do know that names in the LDAP database have to be mapped to the names in the SASL database. Hopefully you can enlighten me on the whole concept and how the configuration should be done.

Thank you. Hope to receive some advice and guidance.

Warmest Regards,
Seau Yeen
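As an added example (not part of the original message or of any reply on the list), here is a slapd.conf fragment showing the mapping that questions 4 to 6 above are about: a SASL bind reaches slapd with an identity of the form uid=<name>,cn=<mechanism>,cn=auth, and authz-regexp (the current name of the directive; sasl-regexp is the older name for the same thing) rewrites it to a DN held in the directory. The suffix dc=example,dc=com, the paths and the user name "admin" are assumptions for illustration.

```conf
# Added example, not from the original message. Suffix, paths and the
# user name "admin" are assumptions chosen for illustration.

include         /etc/openldap/schema/core.schema

# A SASL bind presents its authentication identity to slapd as
#   uid=<username>,cn=<mechanism>,cn=auth
# or, when a realm is in play,
#   uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth
# <username> is the name given to saslpasswd2. The sasldb entry is not an
# LDAP entry; the authz-regexp rules below connect the two namespaces.
# authz-regexp is global, so it must appear before the first "database".

# No realm: rewrite to a search for the entry whose uid matches $1.
authz-regexp
    "uid=([^,]*),cn=[^,]*,cn=auth"
    "ldap:///dc=example,dc=com??sub?(uid=$1)"

# With realm: same mapping, realm ignored.
authz-regexp
    "uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth"
    "ldap:///dc=example,dc=com??sub?(uid=$1)"

# Offer only mechanisms that do not send the password in the clear and
# refuse anonymous SASL binds.
sasl-secprops   noanonymous,noplain

database        bdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap

# rootdn may be given directly as the SASL identity of the administrator,
# so "admin" needs no entry in the directory. A DIGEST-MD5 bind as admin
# is verified by the SASL library against sasldb (the saslpasswd2 entry),
# not against rootpw; rootpw is only consulted for a simple bind to rootdn.
rootdn          "uid=admin,cn=digest-md5,cn=auth"
rootpw          {SSHA}PLACEHOLDER-paste-output-of-slappasswd-here
```

With this in place, a user who exists only in sasldb but has no matching uid entry under dc=example,dc=com binds successfully but is left without a directory DN, which is usually what "Invalid credentials" or a missing-access symptom traces back to when checking the mapping with ldapwhoami.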