<span class="Apple-style-span" style="font-family: Times; font-size: medium; "><div><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">Hello,</span></div><div><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span></div>On a redhat 6, openldap 2.4 and cyrus-sasl 2.1.23.</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">I create a sasldb syncuser user,</span><div><div><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> in my slapd.d configuration I add:</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">OlcAuthzRegexp: {0} " uid=syncuser, cn=DIGEST-MD5, cn=auth " " cn=syncuser, dc=xxx, dc=fr "</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">I give the right of reading has the utisilsateur ldap on sasldb.</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">PB during a ldapsearch:</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "># ldapsearch -Y DIGEST-MD5-U syncuser</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> -h localhost</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">ldap_sasl_interactive_bind_s: Invalid credentials ( 49 ) additional information: SASL ( 13 ): user not found: no secret in database</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">Slapd in debug mode sends back to me:</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">slapd[2608]: do_bind: dn () SASL mech DIGEST-MD5</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]:slapd[2608]: ==> sasl_bind: dn="" mech=<continuing> datalen=277</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: SASL [conn=1002] Debug: DIGEST-MD5 server step 2</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: SASL Canonicalize [conn=1002]: authcid="syncuser"</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: slap_sasl_getdn: conn 1002 id=syncuser [len=8]</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: slap_sasl_getdn: u:id converted to uid=syncuser,cn=DIGEST-MD5,cn=auth</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: >>> dnNormalize: <uid=syncuser,cn=DIGEST-MD5,cn=auth></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <<< dnNormalize: <uid=syncuser,cn=digest-md5,cn=auth></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: ==>slap_sasl2dn: converting SASL name uid=syncuser,cn=digest-md5,cn=auth to a DN</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: [rw] authid: "uid=syncuser,cn=digest-md5,cn=auth" -> "cn=syncuser,dc=xxx,dc=fr"</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: slap_parseURI: parsing cn=syncuser,dc=xxx,dc=fr</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: >>> dnNormalize: <cn=syncuser,dc=xxx,dc=fr></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <<< dnNormalize: <cn=syncuser,dc=xxx,dc=fr></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <==slap_sasl2dn: Converted SASL name to cn=syncuser,dc=xxx,dc=fr</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: slap_sasl_getdn: dn:id converted to cn=syncuser,dc=xxx,dc=fr</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: SASL Canonicalize [conn=1002]: slapAuthcDN="cn=syncuser,dc=xxx,dc=fr"</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => hdb_search</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: activity on 1 descriptor</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: activity on:</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]:</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> </span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: epoll: listen=7 active_threads=1 tvp=zero</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: epoll: listen=8 active_threads=1 tvp=zero</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: epoll: listen=9 active_threads=1 tvp=zero</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: epoll: listen=10 active_threads=1 tvp=zero</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: bdb_dn2entry("cn=syncuser,dc=xxx,dc=fr")</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => hdb_dn2id("cn=syncuser,dc=xxx,dc=fr")</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => access_allowed: disclose access to "dc=xxx,dc=fr" "entry" requested</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => dnpat: [5] uid=([^,].*),ou=People,dc=xxx,dc=fr nsub: 1</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => dnpat: [6] uid=([^,].*),ou=People,dc=xxx,dc=fr nsub: 1</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => dn: [7] ou=people,dc=xxx,dc=fr</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => dn: [8] ou=admin,dc=xxx,dc=fr</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => dn: [9] ou=services,dc=xxx,dc=fr</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => dnpat: [10] ou=groups,ou=(.*),ou=web,dc=xxx,dc=fr nsub: 1</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => dnpat: [11] ou=(.*),ou=web,dc=xxx,dc=fr nsub: 1</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => acl_get: [12] attr entry</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => acl_mask: access to entry "dc=xxx,dc=fr", attr "entry" requested</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => acl_mask: to all values by "", (=0)</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> </span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <= check a_dn_pat: *</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <= acl_mask: [2] applying read(=rscxd) (stop)</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <= acl_mask: [2] mask: read(=rscxd)</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => slap_access_allowed: disclose access granted by read(=rscxd)</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: => access_allowed: disclose access granted by read(=rscxd)</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: send_ldap_result: conn=1002 op=1 p=3</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: send_ldap_result: err=10 matched="dc=xxx,dc=fr" text=""</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: SASL Canonicalize [conn=1002]: authzid="syncuser"</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: SASL [conn=1002] Failure: no secret in database</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: send_ldap_result: conn=1002 op=1 p=3</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: send_ldap_result: err=49 matched="" text="SASL(-13): user not found: no secret in database"</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: send_ldap_response: msgid=2 tag=97 err=49</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: conn=1002 op=1 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: <== slap_sasl_bind: rc=49</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: activity on 1 descriptor</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: daemon: activity on:</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "> slapd[2608]: 31r</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br></span><span class="Apple-style-span" style="font-family: Times; font-size: medium; ">Thank you for your suggestions.</span><span class="Apple-style-span" style="font-family: Times; font-size: medium; "><br>
</span></div></div><div><font class="Apple-style-span" face="Times" size="3">B chataigne</font></div>