<HTML><BODY>
<p>Hi experts,</p>
<p>I'm pretty new to cyrus-sasl. For the last several days I've been trying to configure the DIGEST-MD5 mechanism (cyrus-sasl-2.1.26.tar.gz) to authenticate to openldap 2-4-42 (backend is Berkeley DB 5.3.28). I'm very interested in understanding and knowing this great software; my purpose is to configure those packages from sources.<br>
I did a lot of googling, but nothing was helpful.</p>
<p>Please assist me in resolving this issue.</p>
<p>----------------------------------------------------------------------------<br>
Error message is:</p>
<p>[root@company admin]# ldapsearch -LLL -U test2@company.local -v '(uid=test2)' uid<br>
ldap_initialize( &lt;DEFAULT&gt; )<br>
SASL/DIGEST-MD5 authentication started<br>
Please enter your password:<br>
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)<br>
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops<br>
[root@company admin]#</p>
<p>----------------------------------------------------------------------------<br>
sasldblistusers2</p>
<p>[root@company admin]# sasldblistusers2<br>
test2@company.local: userPassword<br>
[root@company admin]#</p>
<p>----------------------------------------------------------------------------<br>
sasl2/slapd.conf</p>
<p># SASL Configuration<br>
mech_list: DIGEST-MD5<br>
pwcheck_method: auxprop<br>
sasldb_path: /etc/sasldb2</p>
<p>----------------------------------------------------------------------------<br>
ldif</p>
<p># Matt Butcher<br>
dn: uid=test2,ou=Users,dc=company,dc=local<br>
ou: Users<br>
# Name info:<br>
uid: matt<br>
cn: test<br>
sn: test<br>
givenName: Matt<br>
givenName: Matthew<br>
displayName: Matt Butcher<br>
# Work Info:<br>
title: Systems Integrator<br>
description: Systems Integration and IT for Example.Com<br>
employeeType: Employee<br>
departmentNumber: 001<br>
employeeNumber: 001-08-98<br>
mail: mbutcher@company.local<br>
mail: test2@company.local<br>
roomNumber: 301<br>
telephoneNumber: +1 555 555 4321<br>
mobile: +1 555 555 6789<br>
st: Illinois<br>
l: Chicago<br>
street: 1234 Cicero Ave.<br>
# Home Info:<br>
homePhone: +1 555 555 9876<br>
homePostalAddress: 1234 home street $ Chicago, IL $ 60699-1234<br>
# Misc:<br>
userPassword: {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ<br>
preferredLanguage: en-us,en-gb<br>
# Object Classes:<br>
objectClass: person<br>
objectClass: organizationalPerson<br>
objectClass: inetOrgPerson</p>
<p>----------------------------------------------------------------------------<br>
slapd.conf</p>
<p>#<br>
# See slapd.conf(5) for details on configuration options.<br>
# This file should NOT be world readable.<br>
#<br>
include /usr/local/etc/openldap/schema/core.schema<br>
include /usr/local/etc/openldap/schema/cosine.schema<br>
include /usr/local/etc/openldap/schema/inetorgperson.schema</p>
<p># Define global ACLs to disable default read access.</p>
<p># Do not enable referrals until AFTER you have a working directory<br>
# service AND an understanding of referrals.<br>
#referral ldap://root.openldap.org</p>
<p>pidfile /usr/local/var/run/slapd.pid<br>
argsfile /usr/local/var/run/slapd.args</p>
<p># Load dynamic backend modules:<br>
# modulepath /usr/local/libexec/openldap<br>
# moduleload back_bdb.la<br>
# moduleload back_hdb.la<br>
# moduleload back_ldap.la</p>
<p># Sample security restrictions<br>
# Require integrity protection (prevent hijacking)<br>
# Require 112-bit (3DES or better) encryption for updates<br>
# Require 63-bit encryption for simple bind<br>
# security ssf=1 update_ssf=112 simple_bind=64</p>
<p># Sample access control policy:<br>
# Root DSE: allow anyone to read it<br>
# Subschema (sub)entry DSE: allow anyone to read it<br>
# Other DSEs:<br>
# Allow self write access<br>
# Allow authenticated users read access<br>
# Allow anonymous users to authenticate<br>
# Directives needed to implement policy:<br>
# access to dn.base="" by * read<br>
# access to dn.base="cn=Subschema" by * read<br>
# access to *<br>
# by self write<br>
# by users read<br>
# by anonymous auth<br>
#<br>
# if no access controls are present, the default policy<br>
# allows anyone and everyone to read anything but restricts<br>
# updates to rootdn. (e.g., "access to * by * read")<br>
#<br>
# rootdn can always read and write EVERYTHING!<br>
#access to attrs=userPassword<br>
# by anonymous auth<br>
# by self write<br>
# by * none<br>
#access to *<br>
# by anonymous auth<br>
# by self write<br>
# by * none</p>
<p>authz-regexp "^uid=([^,]+).*,cn=auth$" "uid=$1,ou=Users,dc=company,dc=local"<br>
#######################################################################<br>
# BDB database definitions<br>
#######################################################################</p>
<p>database bdb<br>
suffix "dc=company,dc=local"<br>
rootdn "cn=Manager,dc=company,dc=local"<br>
# Cleartext passwords, especially for the rootdn, should<br>
# be avoid. See slappasswd(8) and slapd.conf(5) for details.<br>
# Use of strong authentication encouraged.<br>
rootpw secret<br>
# The database directory MUST exist prior to running slapd AND<br>
# should only be accessible by the slapd and slap tools.<br>
# Mode 700 recommended.<br>
directory /usr/local/var/openldap-data<br>
# Indices to maintain<br>
index objectClass eq</p>
<p>-- <br>
best regards<br>
mark gavrilman</p>
</BODY></HTML>