issue with DIGEST-MD5
mark gavrilman
gavrilman_mark at mail.ru
Sun Dec 6 13:42:13 EST 2015
Hi experts,
I'm pretty new for cyrus-sasl. For several last days i'm trying to configure DIGEST-MD5 cyrus-sasl-2.1.26.tar.gz mechnism to authenticate to openldap: 2-4-42(backend is berkley db 5.3.28). I'm very interested in understanding and knowing this grteat software, my purpose is to configure those packages from sources. I made a lot of googling, nothing was helpful
Please assist me to resolve this issue
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Error message is:
[root at company admin]# ldapsearch -LLL -U test2 at company.local -v '(uid=test2)' uid
ldap_initialize( <DEFAULT> )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: unable to canonify user and get auxprops
[root at company admin]#
-----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
sasldblistusers2
[root at company admin]# sasldblistusers2
test2 at company.local: userPassword
[root at company admin]#
-------------------------------------------------
-------------------------------------------------
sasl2/slapd.conf
# SASL Configuration
mech_list: DIGEST-MD5
pwcheck_method: auxprop
sasldb_path: /etc/sasldb2
-----------------------------------------------------------------
-----------------------------------------------------------------
ldif
# Matt Butcher
dn: uid=test2,ou=Users,dc=company,dc=local
ou: Users
# Name info:
uid: matt
cn: test
sn: test
givenName: Matt
givenName: Matthew
displayName: Matt Butcher
# Work Info:
title: Systems Integrator
description: Systems Integration and IT for Example.Com
employeeType: Employee
departmentNumber: 001
employeeNumber: 001-08-98
mail: mbutcher at company.local
mail: test2 at company.local
roomNumber: 301
telephoneNumber: +1 555 555 4321
mobile: +1 555 555 6789
st: Illinois
l: Chicago
street: 1234 Cicero Ave.
# Home Info:
homePhone: +1 555 555 9876
homePostalAddress: 1234 home street $ Chicago, IL $ 60699-1234
# Misc:
userPassword: {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ
preferredLanguage: en-us,en-gb
# Object Classes:
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
-----------------------------------------------------------------
-----------------------------------------------------------------
slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#access to attrs=userPassword
# by anonymous auth
# by self write
# by * none
#access to *
# by anonymous auth
# by self write
# by * none
authz-regexp "^uid=([^,]+).*,cn=auth$" "uid=$1,ou=Users,dc=company,dc=local"
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=company,dc=local"
rootdn "cn=Manager,dc=company,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
--
best regards
mark gavrilman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20151206/3c0f24f7/attachment.html>
More information about the Cyrus-sasl
mailing list