Just want to close the loop.

The issue is fixed now.  I was missing one package: cyrus-sasl-ldap, along with 
slapd.conf, which should be in the /usr/lib64/sasl2 directory.  I had it under 
/usr/lib/sasl2 per SASL configuration which works for cyrus-sasl version 1 
only.  For cyrus-sasl version 2 the configuration file needs to be under the lib64 
directory.

I want to thank you for pointing me in the right direction to address the issue.

From: [email protected]
To: [email protected]
CC: [email protected]; [email protected]
Subject: RE: [lsc-users] LSC Password Issue
Date: Thu, 20 Nov 2014 10:34:31 -0800




Thanks, it has correct information.

I'll focus on SASL/LDAP area as you suggested.

Date: Thu, 20 Nov 2014 07:21:18 +0100
Subject: Re: [lsc-users] LSC Password Issue
From: [email protected]
To: [email protected]
CC: [email protected]; [email protected]

Hi Wei,
User passwords are binary attributes. Try to decode it (base64) ...
Regards,
On 20 Nov 2014 01:33, "W. Ho" <[email protected]> wrote:



Hi,

I actually followed the reference link.  However, one part is not clear to me; 
perhaps you can clarify:

The userPassword was in hashed format,  i.e. userPassword: 
e1NBU0x9d2hvQGJvYXJkdmFudGFnZS5uZXQ=, when I ran the ldapsearch command, not 
{SASL}[email protected].  When I use Apache Directory Studio, it shows me 
userPassword is "SASL hashed password".

Does it make any difference?

Thanks,

Date: Wed, 19 Nov 2014 21:58:37 +0100
Subject: Re: [lsc-users] LSC Password Issue
From: [email protected]
To: [email protected]
CC: [email protected]



2014-11-19 20:44 GMT+01:00 W. Ho <[email protected]>:



Hi List,

Hi,
 

I am setting up LSC to sync AD to OpenLDAP.  Everything looks fine except the 
password does not work.

The background:

Source: Windows 2008 R2 Active Directory, 64-bit
Destination: OpenLDAP: 2.4.23, 64-bit running on CentOS 6.5, 64-bit
LSC: 2.1.1
JDK: Oracle/Sun 1.7.0_71
Password: Use AD as the main password store, configure the OpenLDAP directory 
server to redirect authentications there, via SASL and LDAP binds per 
instructions

The CentOS is configured to allow SSH login only.  After syncing OpenLDAP with AD, 
I got all users' information with userPassword in SASL format.  I can log in to the 
CentOS system with an SSH key but not with a password.  Running sudo also failed 
because the password is not recognized.  When I run the "su -" command the system 
asks me twice, see below, for the root password before I can su to root.

I have provided the following information for your reference.  Could someone 
please take a look and let me know what I have done incorrectly?



Seems the LSC part is good if you have the SASL password in OpenLDAP.

You can check this doc to see if your SASL configuration is ok: 
http://ltb-project.org/wiki/documentation/general/sasl_delegation

But as your problem seems not related to LSC, you should try to get help on 
the OpenLDAP mailing list for example.



Clément.
                                          

_______________________________________________________________

Ldap Synchronization Connector (LSC) - http://lsc-project.org



lsc-users mailing list

[email protected]

http://lists.lsc-project.org/listinfo/lsc-users
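
The decoding step suggested in the thread, as an added example that is not part of the original messages and is not LSC or OpenLDAP code: it unfolds ldapsearch-style LDIF, base64-decodes `userPassword::` values, and reports which entries carry a `{SASL}` value. The function names, the example.org entries and the `{SSHA}` body are constructed placeholders.

```python
import base64
import re

# Constructed ldapsearch-style output (not from the thread). example.org names
# and the {SSHA} body are placeholders; the first value is folded across lines.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
uid: jdoe
userPassword:: e1NBU0x9amRvZUBleGFt
 cGxlLm9yZw==

dn: uid=asmith,ou=people,dc=example,dc=org
uid: asmith
userPassword:: e1NTSEF9eHh4eHh4
"""

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)


def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space)."""
    return re.sub(r"\r?\n ", "", ldif)


def password_schemes(ldif):
    """Return [(dn, scheme, remainder)] for every userPassword value."""
    results, dn = [], None
    for line in unfold(ldif).splitlines():
        attr, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between entries
        if value.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            m = SCHEME_RE.match(value)
            scheme, rest = (m.group(1).upper(), m.group(2)) if m else (None, value)
            results.append((dn, scheme, rest))
    return results


def delegated_entries(ldif):
    """Map DN -> SASL identity for entries whose password check is delegated."""
    return {dn: rest for dn, scheme, rest in password_schemes(ldif) if scheme == "SASL"}
```

Avoid printing the remainder of non-`{SASL}` values when running this against a real directory export, since those are password hashes.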


                                                                                
  