Jittinan Suwanrueangsri <[email protected]> writes:

> Dieter Kluenter wrote:
> > Jittinan Suwanrueangsri <[email protected]> writes:
[...]
> There is nothing special to do.
>   ldapsearch -Y DIGEST-MD5 -U foo -w secret -H ldap://myhost -b dc=example,dc=com ...
> All you have to do is to set the userPassword value as plaintext,
> otherwise the challenge cannot be created. If you want to parse the
> sasl authentication string to a DN, then you have to define an
> authz-regexp in slapd.conf(5) and the user has to have a uid
> attribute.
[...]
> I still can not authenticate by using password from userPassword attribute. I
> also attach 2 configuration files with this email. Are there any missing
> configuration?

Could you provide some logs?

[...]
> # slapd.conf - Configuration file for LDAP SLAPD
> ##########
> authz-regexp
>     uid=([^,]+).*,cn=auth
>     uid=$1,ou=Users,dc=example,dc=com
> authz-regexp
>     email=([^,]+),cn=([^,]+).*,c=TH$
>     uid=$2,ou=Users,dc=example,dc=com
> sasl-realm example.com
> sasl-secprops none

Is there any particular reason to define the second authz-regexp rule?

> access to attrs=userPassword
>     by self write
>     by anonymous auth
>     by * none
> access to dn.subtree="ou=System,dc=example,dc=com"
>     by group/groupOfUniqueNames/uniqueMember="cn=Ldap Admins,ou=Groups,dc=example,dc=com" write
>     by users read
> access to *
>     by self write
>     by users read
>     by * none
[...]

run slapd -d acl and post the relevant parts.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E
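
The identity mapping discussed in this message can be checked offline. The following is an added example, not part of the original post or of OpenLDAP: it applies the two authz-regexp rules from the quoted slapd.conf to the authentication request DN that slapd builds for a SASL bind (`uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth`). Python's `re` stands in for slapd's POSIX regex matching, and the function names and sample DNs are constructed for illustration.

```python
import re

# The two authz-regexp rules from the posted slapd.conf: (match, replacement).
RULES = [
    (r"uid=([^,]+).*,cn=auth", "uid=$1,ou=Users,dc=example,dc=com"),
    (r"email=([^,]+),cn=([^,]+).*,c=TH$", "uid=$2,ou=Users,dc=example,dc=com"),
]


def sasl_authc_dn(user, mech, realm=None):
    """Build the authentication request DN derived from a SASL bind."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech, "cn=auth"]
    # Lower-cased here as an approximation of slapd's DN normalization.
    return ",".join(parts).lower()


def map_identity(authc_dn, rules=RULES):
    """Return (rule_index, mapped_dn) for the first matching rule.

    Rules are tried in order and the first match wins; the whole DN is
    replaced by the rule's replacement string. No match: (None, authc_dn).
    """
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, authc_dn, re.IGNORECASE)
        if match:
            # Expand slapd-style $N references with the captured groups.
            mapped = re.sub(r"\$(\d)",
                            lambda ref: match.group(int(ref.group(1))),
                            replacement)
            return index, mapped
    return None, authc_dn


if __name__ == "__main__":
    # Constructed sample identities, not taken from any log.
    samples = [
        sasl_authc_dn("foo", "DIGEST-MD5", "example.com"),
        "email=bar@example.com,cn=bar,o=example,c=th",
        "cn=someone,dc=example,dc=com",
        "uid=baz,cn=authors,dc=example,dc=com",
    ]
    for dn in samples:
        print(dn, "->", map_identity(dn))
```

A DIGEST-MD5 bind for `foo` is resolved by the first rule alone, and the mapped entry is the one whose `userPassword` slapd then reads. The first rule is unanchored, so the last sample also matches it; ending the pattern with `$`, as the second rule does, restricts it to DNs that end in `cn=auth`.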
