Re: SASL EXTERNAL, sasldb2 and authz-regexp
Götz Reinicke - IT-Koordinator <goetz.reinicke@filmakademie.de> writes:
> Hi folks,
[...]
> My consumer server should bind to the provider using sasl with the
> saslmech external. (Red Hat 5.x, cyrus-sasl-2.1.22, openldap-2.3.43-3 )
>
> I've changed the slapd.conf files on both servers:
>
> consumer:
>
> syncrepl ...
> bindmethod=sasl
> saslmech=EXTERNAL
> starttls=yes
>
> provider:
>
> authz-regexp
> "dn=email=webmaster@filmakademie.de,cn=ldap2.filmakademie.de,ou=it
> officenet,o=filmakademie baden-wuerttemberg
> gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de"
> "cn=replicator,dc=filmakademie,dc=de"
>
> after restarting both servers I do get the error:
>
> <==slap_sasl2dn: Converted SASL name to <nothing>
> SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such
> file or directory
[...]
I don't see a configuration for client certs. As an example, I provide
my slapd.conf:
syncrepl rid=042
        provider=ldap://rubin.avci.de
        sizelimit=unlimited
        bindmethod=sasl
        saslmech=external
        starttls=yes
        tls_cert=/etc/openldap/certs/replicator.pem
        tls_key=/etc/openldap/certs/replicator-key.pem
        tls_cacert=/etc/openldap/certs/avciCA.pem
        tls_reqcert=demand
        searchbase="o=avci,c=de"
        scope=sub
[...]
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
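
The provider-side counterpart to the consumer settings in the reply above, as an added example that is not part of the original thread. The file paths, the certificate subject and the target DN are constructed placeholders, and it assumes the consumer's certificate is issued by the CA named in TLSCACertificateFile.

```conf
# Provider slapd.conf (global section). Added example; all paths and DNs
# below are placeholders, not values from the thread.

# The provider's own server certificate and the CA used to validate peers.
TLSCACertificateFile    /etc/openldap/certs/PLACEHOLDER-ca.pem
TLSCertificateFile      /etc/openldap/certs/PLACEHOLDER-provider.pem
TLSCertificateKeyFile   /etc/openldap/certs/PLACEHOLDER-provider-key.pem

# Weak setting: with "never" (the default) slapd does not request a client
# certificate, so SASL EXTERNAL has no identity to work with.
#TLSVerifyClient        never

# Corrected setting: request a client certificate and reject the TLS
# session if none is presented or it does not validate against the CA.
TLSVerifyClient         demand

# Map the identity derived from the consumer certificate's subject to the
# replication DN. The pattern is anchored so that only this one subject
# matches; a certificate from the same CA with another subject maps to
# nothing. Take the exact string to match from the slap_sasl2dn debug
# lines in the provider's log.
authz-regexp
        "^cn=PLACEHOLDER-consumer,o=PLACEHOLDER-org,c=de$"
        "cn=replicator,dc=example,dc=com"
```

To check the mapping independently of syncrepl, run ldapwhoami -ZZ -Y EXTERNAL against the provider with LDAPTLS_CERT and LDAPTLS_KEY pointing at the consumer's certificate and key; it should print the mapped DN.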