LDAP auth failure

Shelley Waltz shwaltz at cabm.rutgers.edu
Mon Nov 26 13:31:27 EST 2007


installed 

[root at roadrunner src]# rpm --install cyrus-sasl-ldap-2.1.22-4.i386.rpm
[root at roadrunner src]# rpm --install cyrus-sasl-md5-2.1.22-4.i386.rpm

and stop/start ldap and saslauthd
results are the same.

regarding doing sasl binds with ldapsearch, I am somewhat confused.
the rootdn == roadrunner.cabm.rutgers.edu password in the slapd.conf file
is in {MD5}, however, the userPassword for each uid are in {CRYPT} in my 
LDAP database.

What ldapsearch?



On Mon, 26 Nov 2007, Chapman, Kyle wrote:

   Your first ldapsearch example was with a non sasl bind (-x).  Try
   ldapsearch -Y <sasl mech> <other params>
   Looks like digest/cram-md5, gssapi mechs are not installed (at least via
   rpm???)
   
   Perhaps installing these may help as well:
   cyrus-sasl-ldap-2.1.22-4
   cyrus-sasl-md5-2.1.22-4
   
   To be clear, all this will do is validate that ldap+sasl is working ok,
   so do any of the other samples for sasl work (im used to the src build
   where the test stuff is under 'sample').
   
   
   -----Original Message-----
   From: Shelley Waltz [mailto:shwaltz at cabm.rutgers.edu] 
   Sent: Monday, November 26, 2007 12:26 PM
   To: cyrus-sasl at lists.andrew.cmu.edu; Chapman, Kyle
   Subject: RE: LDAP auth failure
   
   [root at roadrunner openldap]# rpm -qa|grep sasl
   cyrus-sasl-lib-2.1.22-4
   cyrus-sasl-2.1.22-4
   cyrus-sasl-devel-2.1.22-4
   cyrus-sasl-plain-2.1.22-4
   
   I mentioned that the md5 password for the rootdn does indeed work in my
   "luma" ldap browser/editor as well with ldapsearch non-anonymously.
   
   
   
   On Mon, 26 Nov 2007, Chapman, Kyle wrote:
   
      Is the digest-md5 or other sasl mechs installed (some distros did the
      mechs as sep rpms, don't recall what RH did)?
      
      Can you do any sasl binds with ldapsearch with the dn of:
      cn=waltz_shelley,dc=cabm.rutgers,dc=edu 
    
   NOTICE: This E-mail may contain confidential information. If you are not
   the addressee or the intended recipient please do not read this E-mail
   and please immediately delete this e-mail message and any attachments
   from your workstation or network mail system. If you are the addressee
   or the intended recipient and you save or print a copy of this E-mail,
   please place it in an appropriate file, depending on whether
   confidential information is contained in the message.
   


More information about the Cyrus-sasl mailing list