"LI Ji D" <[email protected]> writes:

> Hi,
> This is my comprehension:
> 1. The client is connecting to SLAPD requesting an SASL bind.
> 2. SLAPD uses the SASL subsystem (which checks the /usr/lib/sasl/slapd.conf
> file for settings) to tell the client how to authenticate. In this case, it
> tells the client to use DIGEST-MD5.
> 3. The client sends the authentication information to SLAPD.
> 4. SLAPD performs the translation specified in authz-regexp.
> 5. SLAPD then checks the client's response (using the SASL subsystem) against
> the information in /etc/sasldb2.
> 6. When the client authentication succeeds, OpenLDAP runs the search and
> returns the results to the client.
>
> So SLAPD just compares the password received from client and the one stored
> in sasldb2, how could it relate to the one stored in ldap like "userPassword:
> {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ= " ?

Sorry, my bad. I forgot that you use sasldb as an external authentication source. My remarks were based on an internal sasl authentication. Try to raise the debug level in sasl/slapd.conf, something like 'loglevel: 7'. If you use syslog, allow sasl to log to auth.

-Dieter

--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
