SASL Digest-md5 authentication w/ openldap 2.1.16
I've read through the admin guide manual way too many times, and I can't find anything wrong with my setup...
Here we go..
I'm trying to get SASL bind authentication to work with openldap 2.1.16. I have things set up like this:
---/etc/openldap/slapd.conf
password-hash {CLEARTEXT}
sasl-regexp
uid=(.*),cn=(.*),cn=digest-md5,cn=auth
uid=$1,ou=People,o=OmegaWare,c=US
---
For some reason the -R realm arg is being ignored on ldapsearch, so I am passing user@dom.tld in the -U parameter and ignoring the default realm.
---/usr/lib/sasl2/slapd.conf
mech_list: digest-md5 cram-md5
---
That is being sent; this is to disable GSSAPI as an auth mech.
---uid entry in LDAP
dn: uid=user@dom.tld,ou=People,o=MyOrg,c=US
objectClass:top
objectClass:person
sn: user
cn: my user
userPassword: test
---
I'm using GQ to update my LDAP and put userPassword in using CLEAR.
Now on to the errors...
ldapsearch -U user@dom.tld -b o=MyOrg,c=US
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database
With -d 255 I get all the network traffic information, and from that I see things like:
username="user@dom.tld",realm="myinternal.host.name",....
In my /var/log/ldap.log (default logging settings) I get:
--- /var/log/ldap.log
conn=19 fd=13 ACCCEPT from IP=127.0.0.1:1302 (ip=0.0.0.0:389)
conn=19 op=0 SRCH base="" scope=0 filter="(objectClass=*)"
conn=19 op=0 SRCH attr=supportedSASLMechanisms
conn=19 op=9 RESULT tag=101 err=0 text=
conn=19 op=1 BIND dn="" method=163
conn=19 op=2 BIND dn="" method=163
SASL [conn=19] Error: unable to open Berkely db /etc/sasldb2: No such file or directory
las messager repeated 2 times
conn=0 op=0 RESULT tag=101 err=32 text=
SASL [conn=19] Failure: no secret in database
conn=19 op=2 RESULT tag=101 err=80 text="SASL(-13): user not found: no secret in database
conn=19 fd=13 closed
---
Now if I create a sasldb2 and add the user in there (user@dom.tld doesn't work), I can auth as:
ldapsearch -U user
But I don't want my users in the sasldb; I want them in the LDAP directory, along with the passwords in the LDAP directory.
Any ideas on what's misconfigured?
I'm using Simon Matter's cyrus-sasl2 RPMs and open-it.org's openldap RPMs, all rebuilt on a RH 7.3 system.
Oh, and I have simple authentication working perfectly and running.
Edward Rudd.
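As an added illustration (not part of Edward's post or of OpenLDAP's own code), this Python snippet traces the DIGEST-MD5 identity visible in the debug output, uid=user@dom.tld with realm myinternal.host.name, through the sasl-regexp rule from the posted slapd.conf, so you can see which DN slapd would go looking for in the directory before it falls back to sasldb. It assumes the authentication-identity form uid=<user>,cn=<realm>,cn=digest-md5,cn=auth that OpenLDAP builds for SASL binds, and it uses Python's re module in place of slapd's regex engine.

```python
import re

# The sasl-regexp from the post, as a (pattern, replacement) pair.
SASL_REGEXP = (
    r"uid=(.*),cn=(.*),cn=digest-md5,cn=auth",
    "uid=$1,ou=People,o=OmegaWare,c=US",
)

# Subtree under which the post's user entry actually lives.
ENTRY_BASE = "ou=People,o=MyOrg,c=US"


def sasl_authcid_dn(username, realm, mech="DIGEST-MD5"):
    """Form the SASL authentication-identity DN slapd hands to sasl-regexp:
    uid=<username>,cn=<realm>,cn=<mech>,cn=auth (the cn=<realm> RDN is
    present only when the client actually sent a realm)."""
    rdns = ["uid=" + username]
    if realm:
        rdns.append("cn=" + realm)
    rdns += ["cn=" + mech.lower(), "cn=auth"]
    return ",".join(rdns)


def apply_sasl_regexp(authcid_dn, pattern, replacement):
    """Apply one sasl-regexp rule: the whole identity must match the pattern,
    then $1, $2, ... in the replacement are filled from the captured groups.
    Returns None when the rule does not match.  (Python re stands in for
    slapd's POSIX regex matching here; the two agree for this rule.)"""
    m = re.fullmatch(pattern, authcid_dn)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def mapped_dn_is_under(dn, base):
    """True when the rewritten DN lies in the subtree that holds the entries."""
    return dn is not None and dn.lower().endswith("," + base.lower())


def check_bind_identity(username, realm):
    """Trace a DIGEST-MD5 bind identity through the rule and report the DN
    slapd would look up, plus whether it lands in the expected subtree."""
    authcid = sasl_authcid_dn(username, realm)
    mapped = apply_sasl_regexp(authcid, *SASL_REGEXP)
    return authcid, mapped, mapped_dn_is_under(mapped, ENTRY_BASE)
```

With the values from the post, the rule rewrites the identity into o=OmegaWare,c=US while the entry sits under o=MyOrg,c=US, which is the kind of mismatch that leaves slapd with nothing to find in the directory and sends it on to sasldb; it is worth confirming before touching the SASL side.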