LDAP auth failure
Shelley Waltz
shwaltz at cabm.rutgers.edu
Mon Nov 26 13:31:27 EST 2007
installed
[root at roadrunner src]# rpm --install cyrus-sasl-ldap-2.1.22-4.i386.rpm
[root at roadrunner src]# rpm --install cyrus-sasl-md5-2.1.22-4.i386.rpm
and stop/start ldap and saslauthd
results are the same.
regarding doing sasl binds with ldapsearch, I am somewhat confused.
the rootdn == roadrunner.cabm.rutgers.edu password in the slapd.conf file
is in {MD5}, however, the userPassword for each uid are in {CRYPT} in my
LDAP database.
What ldapsearch?
On Mon, 26 Nov 2007, Chapman, Kyle wrote:
Your first ldapsearch example was with a non sasl bind (-x). Try
ldapsearch -Y <sasl mech> <other params>
Looks like digest/cram-md5, gssapi mechs are not installed (at least via
rpm???)
Perhaps installing these may help as well:
cyrus-sasl-ldap-2.1.22-4
cyrus-sasl-md5-2.1.22-4
To be clear, all this will do is validate that ldap+sasl is working ok,
so do any of the other samples for sasl work (im used to the src build
where the test stuff is under 'sample').
-----Original Message-----
From: Shelley Waltz [mailto:shwaltz at cabm.rutgers.edu]
Sent: Monday, November 26, 2007 12:26 PM
To: cyrus-sasl at lists.andrew.cmu.edu; Chapman, Kyle
Subject: RE: LDAP auth failure
[root at roadrunner openldap]# rpm -qa|grep sasl
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-plain-2.1.22-4
I mentioned that the md5 password for the rootdn does indeed work in my
"luma" ldap browser/editor as well with ldapsearch non-anonymously.
On Mon, 26 Nov 2007, Chapman, Kyle wrote:
Is the digest-md5 or other sasl mechs installed (some distros did the
mechs as sep rpms, don't recall what RH did)?
Can you do any sasl binds with ldapsearch with the dn of:
cn=waltz_shelley,dc=cabm.rutgers,dc=edu
NOTICE: This E-mail may contain confidential information. If you are not
the addressee or the intended recipient please do not read this E-mail
and please immediately delete this e-mail message and any attachments
from your workstation or network mail system. If you are the addressee
or the intended recipient and you save or print a copy of this E-mail,
please place it in an appropriate file, depending on whether
confidential information is contained in the message.
More information about the Cyrus-sasl
mailing list