On 21/06/10 09:52 +0800, LI Ji D wrote:
> 3. Then I configure the slapd.conf to be like this:
>
> authz-policy to
> sasl-regexp "^uid=([^,]+),.*" "uid=$1,cn=bjims31,cn=digest-md5,cn=auth"
> database bdb
> suffix "dc=example,dc=com"
> rootdn "uid=111,cn=digest-md5,cn=auth"
>
> 4. Then I use 'saslpasswd2 -c liji1' to add a user and create
> /usr/lib/sasl2/slapd.conf with content:
>
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: plain login ntlm cram-md5 digest-md5
>
> 5. Then I start slapd with command 'slapd -d 1', and run ldapwhoami with
> command: 'ldapwhoami -h localhost -U root -Y DIGEST-MD5 -p 389', but it
> fails with reason: user not found: no secret in database.
> The log of slapd is:
>
> slap_sasl_getdn: u:id converted to uid=liji1,cn=DIGEST-MD5,cn=auth
> dnNormalize: <uid=liji1,cn=DIGEST-MD5,cn=auth>
> <<< dnNormalize: <uid=liji1,cn=digest-md5,cn=auth>
> ==>slap_sasl2dn: converting SASL name uid=liji1,cn=digest-md5,cn=auth to a DN
> slap_sasl_getdn: dn:id converted to uid=liji1,cn=bjims31,cn=digest-md5,cn=auth
> SASL [conn=1] Failure: no secret in database
It's not clear which user credentials are being retrieved from sasldb. Is
it uid=liji1,cn=digest-md5,cn=auth or liji1?
You could increase your cyrus debugging to get more information out of
syslog: Add an:
auth.debug...
to your syslog configuration, and add this to your
/usr/lib/sasl2/slapd.conf:
log_level: 7
--
Dan White
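
The two mapping steps visible in the quoted slapd log (SASL username to request DN, then the sasl-regexp rewrite) can be reproduced offline to see which DN a given username ends up as. This is an added example, not part of the original thread and not OpenLDAP code; the function names are hypothetical, lowercasing stands in for dnNormalize, and Python's `re` stands in for slapd's regex matching.

```python
import re

# sasl-regexp rules from the slapd.conf quoted in the message, in file order.
SASL_REGEXP = [
    (r"^uid=([^,]+),.*", "uid=$1,cn=bjims31,cn=digest-md5,cn=auth"),
]
ROOTDN = "uid=111,cn=digest-md5,cn=auth"  # rootdn from the same slapd.conf


def sasl_name_to_dn(user, mech, realm=None):
    """Build the request DN slapd forms from a SASL username.

    Lowercasing the result is a simplification of dnNormalize (assumption).
    """
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts).lower()


def apply_sasl_regexp(dn, rules=SASL_REGEXP):
    """Return the DN rewritten by the first matching rule, else unchanged."""
    for pattern, replacement in rules:
        m = re.search(pattern, dn)
        if m:
            # Substitute $1..$9 with the captured groups of the match.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))),
                          replacement)
    return dn


def trace(user, mech="DIGEST-MD5", realm=None):
    """Show both DNs for a username and whether the result equals rootdn."""
    request_dn = sasl_name_to_dn(user, mech, realm)
    mapped = apply_sasl_regexp(request_dn)
    return {"request_dn": request_dn, "mapped_dn": mapped,
            "is_rootdn": mapped == ROOTDN}


if __name__ == "__main__":
    # Usernames taken from the message: the sasldb user, the -U value, the rootdn uid.
    for user in ("liji1", "root", "111"):
        print(user, trace(user))
```

For `liji1` the output matches the two `slap_sasl_getdn` lines in the log. Because the pattern matches every DN that starts with `uid=`, the username `111` is also rewritten to a DN containing `cn=bjims31`, so no username produces the configured rootdn string.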