[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL authentication against OpenLDAP

To: openldap-software@OpenLDAP.org
Subject: Re: SASL authentication against OpenLDAP
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Sun, 08 Aug 2004 09:47:17 +0200
In-reply-to: <41138F7E.6080001@bryanray.org.uk> (Bryan Ray's message of "Fri, 06 Aug 2004 15:02:38 +0100")
References: <41138F7E.6080001@bryanray.org.uk>
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Rational FORTRAN, linux)

Bryan Ray <bryan@bryanray.org.uk> writes:

> Hi,
>     I am having a touble getting SASL to play ball with openldap, and
>     would be grateful for any help in finding a solution.
>
> I have been following 'http://www.openldap.org/doc/admin22/sasl.html'
> with the aim of allowing my ldap tools (ldapsearch,ldapmodify,etc) to
> authenticate using details held in the ldap server. I wish to use the
> Digest-MD5 mechanism.
[...]
> # SASL Authentication
> sasl-host milkyway.bryanray.org.uk
> sasl-realm milkyway
> sasl-regexp uid=(.*),cn=milkyway.*,cn=digest-md5,cn=auth
> ldap:///dc=bryanray,dc=org,dc=uk??sub?(uid=$1)
> sasl-regexp uid=(.*),cn=digest-md5,cn=auth
> ldap:///dc=bryanray,dc=org,dc=uk??sub?(&(uid=$1)(objectclass=posixAccount))
> #sasl-secprops none,noanonymous
[...]

The sasl-regexp has to be written in one line or folded in ldif
format.And check the sasl authentication string by running slapd with
debugging mode 261.

-Dieter
-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de

References:
- SASL authentication against OpenLDAP
  - From: Bryan Ray <bryan@bryanray.org.uk>

Prev by Date: Re: Multiple Slave LDAP Servers
Next by Date: Update to slave replica problem
Index(es):
- Chronological
- Thread