cyrus-sasl multiple realms using digest-md5 not work

Jack Li jackli7312 at yahoo.com.cn
Thu Jul 30 05:18:05 EDT 2009 

hi all,
i've got a problem with the sasl authentication using digest-md5 and
multiple realms with my openldapServer 2.4.16 (fc9).
i want to be able to authenticate against different subtrees of the dit
by using different realms and i was reading as many documentation,
howtos and so on as i was able to find at the net for at least the last
7 days. i don't get it running...!
currently, for testing, i use two different realms:
 mydomain.net   (o=home,dc=mydit,dc=lan)
 test.mydomain.net (o=test,dc=mydit,dc=lan)
in the slapd.conf i added:
 # sasl-realm mydomain.net
 
 authz-regexp
  uid=(.*),cn=test.mydomain.net,cn=digest-md5,cn=auth
  uid=$1,ou=users,o=test,dc=ditroot
 authz-regexp
  uid=(.*),cn=mydomain.net,cn=digest-md5,cn=auth
  uid=$1,ou=users,o=home,dc=ditroot
 authz-regexp
  uid=(.*),cn=digest-md5,cn=auth
  uid=$1,ou=users,o=home,dc=ditroot
as you can see, the sasl-realm parameter is commented.
whether or not i comment or uncomment it, it does not work.
(actualy it works, but only either for the default realm or through the
last sasl-regexp
if i set it, all authentication attemps are of the format:
 uid=XY,cn=mydomain.net,cn=digest-md5,cn=auth
if i do not set it, all authentication is done using:
 uid=XY,cn=digest-md5,cn=auth
i realy tried a lot, e.g.:
(things like -h, ... are covered by the ldap.conf)
 - ldapwhoami -U XY -R test.mydomain.net
 - ldapwhoami -U XY at test.mydomain.net
 - ldapsearch -U XY -R test.mydomain.net
 - ldap...
of course all of those test where performed with different -R, ...
values.
i realy do not know what to do anymore, i've got no more ideas...
also what i do not understand is whether or not this is a problem with
my cyrus-sasl installation, but i cannot imagine that. i guess i'm
missing something but i don't know what.
Please help.

Jack 



      ___________________________________________________________ 
  好玩贺卡等你发,邮箱贺卡全新上线! 
http://card.mail.cn.yahoo.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20090730/85c58909/attachment.html

More information about the Cyrus-sasl mailing list