
RE: PROBLEM: can't use SASL to authentication openldap client



Hi,
	I have linked /usr/lib/sasl2 to /usr/local/sasl2/lib/sasl2/, so I think it will not be a problem.

-----Original Message-----
From: Dan White [mailto:dwhite@olp.net] 
Sent: Friday, August 06, 2010 10:35 AM
To: LI Ji D
Cc: Dieter Kluenter; openldap-technical@openldap.org
Subject: Re: PROBLEM: can't use SASL to authentication openldap client

On 05/08/10 16:35 +0800, LI Ji D wrote:
>Hi, Klünter
>	Now I can use sasl to authenticate, but openldap seems to be using the password attribute stored in the user in openldap to do the sasl. I expect openldap to use sasldb as an external source to do the authentication.
>	1. My slapd.conf is below:
>include         /usr/local/openldap/schema/core.schema
>include         /usr/local/openldap/schema/cosine.schema
>include         /usr/local/openldap/schema/inetorgperson.schema
>include         /usr/local/openldap/schema/openldap.schema
>include         /usr/local/openldap/schema/nis.schema
>pidfile         /usr/local/openldap/slapd.1.pid
>argsfile        /usr/local/openldap/slapd.1.args
>password-hash {CLEARTEXT}
>authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth ldap:///ou=people,dc=example,dc=com??one?(cn=$1) binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self
>
>database bdb
>suffix   "ou=people,dc=example,dc=com"
>rootdn   "cn=admin,ou=people,dc=example,dc=com"
>	
>	2. and also I created slapd.conf in /usr/local/sasl2/lib/sasl2/slapd.conf
>content is:
>pwcheck_method: auxprop
>auxprop_plugin: sasldb
>mech_list: digest-md5

You may have hit the same issue that Brent did. Most likely you will need
to create this file within /usr/lib/sasl2 or /etc/sasl2 instead.

Alternatively, you can set the environment variable SASL_CONF_PATH to
instruct the sasl glue library where to search for config files. See the
man page for sasl_getconfpath_t for details.

-- 
Dan White
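
Added example, not part of the original messages: a shell check for the config-file lookup discussed above, reporting which slapd.conf is picked up and the three settings it carries. It assumes the library uses the first readable <app>.conf in the colon-separated search path, and falls back to the two directories named in the reply when SASL_CONF_PATH is unset (a build's compiled-in default may differ); the function names are hypothetical.

```shell
#!/bin/sh
# find_sasl_conf APP PATHLIST
# Print the first readable APP.conf in the colon-separated PATHLIST.
# Returns 1 when none is found. The -r test follows symlinks, so a
# linked plugin directory is handled the same way as a real one.
find_sasl_conf() {
    app=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        IFS=$old_ifs
        if [ -r "$dir/$app.conf" ]; then
            printf '%s\n' "$dir/$app.conf"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# sasl_conf_get FILE KEY
# Print the value of the first "KEY: value" line in FILE.
sasl_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | head -n 1
}

# Assumed fallback: the two directories suggested in the reply above.
search_path=${SASL_CONF_PATH:-/usr/lib/sasl2:/etc/sasl2}

if conf=$(find_sasl_conf slapd "$search_path"); then
    echo "slapd.conf found: $conf"
    for key in pwcheck_method auxprop_plugin mech_list; do
        echo "  $key = $(sasl_conf_get "$conf" "$key")"
    done
else
    echo "no readable slapd.conf in: $search_path"
fi
```

Run it as the account slapd runs under, since the -r test reflects the permissions of the invoking user.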