[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PROBLEM: can't use SASL to authentication openldap client

"LI Ji D" <Ji.d.Li@alcatel-lucent.com> writes:

> Hi, Klünter
> 	Now I can use sasl to authenticate, but openldap seems using
> the password attribute stored in user in openldap to do the sasl. I
> expect openldap to use sasldb as an external source to do the
> authentication.
> 	1. My slapd.conf is below: include
> /usr/local/openldap/schema/core.schema include
> /usr/local/openldap/schema/cosine.schema include
> /usr/local/openldap/schema/inetorgperson.schema include
> /usr/local/openldap/schema/openldap.schema include
> /usr/local/openldap/schema/nis.schema pidfile
> /usr/local/openldap/slapd.1.pid argsfile
> /usr/local/openldap/slapd.1.args password-hash {CLEARTEXT}
> authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
> ldap:///ou=people,dc=example,dc=com??one?(cn=$1)
> binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy
> mode=self
> database bdb suffix "ou=people,dc=example,dc=com" rootdn
> "cn=admin,ou=people,dc=example,dc=com"
> 	2. and also I create slapd.conf in
> /usr/local/sasl2/lib/sasl2/slapd.conf content is : pwcheck_method:
> auxprop auxprop_plugin: sasldb mech_list: digest-md5
> 	3. I use saslpasswd2 to create use and password.
> Can you help to check this?

Two questions:
1. has slapd been compiled with spasswd? The default setting is no. 
2. has the identity that runs slapd read access to sasldb? On most
   systems  slapd runs as user ldap and sasldb is owned by root.


Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de