SASL + LDAP

Giovanni Malfarà giovanni.malfara at gmail.com
Thu Apr 15 09:33:30 EDT 2010


On 04/14/2010 06:19 AM, Dan White wrote:
> So assuming you don't want to use the custom method, your config looks
> like:
>
> ldap_servers: ldap://ldap.example.net/
> ldap_use_sasl: yes
> ldap_mech: DIGEST-MD5
>
> Or whatever mech you want to use. The fastbind auth method appears to just
> do a sasl bind with the credentials supplied by the user.
>
Thank you very much. I changed the saslauthd.conf file according to
your suggestions but it still does not work.
In slapd (slapd -d -1) debug messages I get:

.
.
.
>>> slap_listener(ldap:///)
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ber_get_next: tag 0x30 len 24 contents:
ber_get_next
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=7] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=196
send_ldap_response: msgid=1 tag=97 err=14
ber_flush: 215 bytes to sd 16
<== slap_sasl_bind: rc=14
connection_get(16): got connid=7
connection_read(16): checking for input on id=7
ber_get_next
ber_get_next: tag 0x30 len 342 contents:
ber_get_next
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=7] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to
uid=test at mycompany.it,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=test at mycompany.it,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=test at mycompany.it,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name
uid=test at mycompany.it,cn=digest-md5,cn=auth to a DN
slap_authz_regexp: converting SASL name
uid=test at mycompany.it,cn=digest-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL [conn=7] Failure: no secret in database
send_ldap_result: conn=7 op=1 p=3
send_ldap_response: msgid=2 tag=97 err=49
ber_flush: 62 bytes to sd 16
<== slap_sasl_bind: rc=49

It seems like the sasl-regexp directives are not parsed in the slapd.conf file.

Thank you very much!

-- 

Giovanni Malfarà

Please do not send me attachments in Word or PowerPoint.
See http://www.gnu.org/philosophy/no-word-attachments.it.html 

"What counts in war is not men, it is the man, that is, the soldier who knows how to fight to the end, defending a piece of land or, against all logic, a shred of an idea". (Napoleon Bonaparte).
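
Added example (not part of the original message, and not code from Cyrus SASL or OpenLDAP): a small Python triage script for a slapd debug trace like the one above. It splits the trace into SASL bind steps and reports, for each, the mechanism, the SASL name, the LDAP result code and whether slap_sasl2dn produced a DN; the function and field names are this example's own.

```python
import re

# Excerpt of the slapd -d -1 trace quoted in the message (wrapped as posted).
TRACE = """\
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=7] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=196
<== slap_sasl_bind: rc=14
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=7] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to
uid=test at mycompany.it,cn=DIGEST-MD5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL [conn=7] Failure: no secret in database
<== slap_sasl_bind: rc=49
"""

# One SASL bind step: from do_sasl_bind up to the matching slap_sasl_bind result.
STEP = re.compile(r"do_sasl_bind: dn \(.*?\) mech (\S+)(.*?)<== slap_sasl_bind: rc=(\d+)", re.S)
FIELDS = {
    "conn": r"SASL \[conn=(\d+)\]",
    "sasl_name": r"slap_sasl_getdn: u:id converted to\s+(.+)",
    "mapped_dn": r"<==slap_sasl2dn: Converted SASL name to (.+)",
    "sasl_failure": r"SASL \[conn=\d+\] Failure: (.+)",
}
RC_NAMES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}

def triage(trace):
    """Return one dict per SASL bind step found in a slapd debug trace."""
    steps = []
    for mech, body, rc in STEP.findall(trace):
        step = {"mech": mech, "rc": int(rc), "result": RC_NAMES.get(int(rc), "other")}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, body)
            step[key] = m.group(1).strip() if m else None
        # slapd prints "<nothing>" when the SASL-name-to-DN mapping
        # yielded no directory DN for the authenticating identity.
        step["unmapped"] = step["mapped_dn"] == "<nothing>"
        steps.append(step)
    return steps

if __name__ == "__main__":
    for s in triage(TRACE):
        note = " (SASL name not mapped to a DN)" if s["unmapped"] else ""
        print(f"conn={s['conn']} mech={s['mech']} rc={s['rc']} {s['result']}{note}")
```

An "unmapped" step that ends in rc=49 is the pattern to look for when checking whether a name-mapping rule took effect.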
