Hi,

Could you tell me how to read man slapd.conf(5)? I tried man slapd.conf(5) and man slapd.conf on the command line, but no entry was found.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dieter Kluenter
Sent: Friday, August 06, 2010 3:55 PM
To: [email protected]
Subject: Re: PROBLEM: can't use SASL to authentication openldap client

Hi,

"LI Ji D" <[email protected]> writes:

> Hi,
> I'm using /usr/local/openldap/bin/ldapsearch -U admin -b
> ou=people,dc=example,dc=com to test SASL authentication, slapd's log is below:
[...]
> bdb_dn2entry("cn=admin,ou=people,dc=example,dc=com")
> slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
> send_ldap_result: conn=2 op=2 p=3
> SASL Authorize [conn=2]: proxy authorization allowed authzDN=""
> send_ldap_sasl: err=0 len=40
> do_bind: SASL/DIGEST-MD5 bind: dn="cn=admin,ou=people,dc=example,dc=com"
> sasl_ssf=128
> send_ldap_response: msgid=3 tag=97 err=0
[...]
>>include /usr/local/openldap/schema/core.schema
>>include /usr/local/openldap/schema/cosine.schema
>>include /usr/local/openldap/schema/inetorgperson.schema
>>include /usr/local/openldap/schema/openldap.schema
>>include /usr/local/openldap/schema/nis.schema
>>pidfile /usr/local/openldap/slapd.1.pid
>>argsfile /usr/local/openldap/slapd.1.args
>>password-hash {CLEARTEXT}
>>authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
>>ldap:///ou=people,dc=example,dc=com??one?(cn=$1)
>>binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self
[...]

According to the logs and slapd.conf you are initiating a proxy
authorization, but you have not defined such in slapd.conf.
Read man slapd.conf(5) on authz-policy and the authzFrom and authzTo
attribute types.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: [email protected]
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
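The settings Dieter's reply points to, sketched as an added example that is not part of the original thread or of the poster's configuration. It assumes the entry `uid=proxy,ou=People,dc=example,dc=com` from the quoted config is the identity allowed to proxy, and that it may act only as `cn=...` entries directly under `ou=people`; the regex scope and the ACL are illustrative choices.

```conf
# slapd.conf, global section (added example, not the poster's file)

# Map the SASL/DIGEST-MD5 authentication identity to a directory entry.
# Same rule as in the quoted config; the indented line is a continuation.
authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
    ldap:///ou=people,dc=example,dc=com??one?(cn=$1)

# Proxy authorization is disabled by default (authz-policy none).
#   to   = evaluate authzTo rules stored in the authenticating entry
#   from = evaluate authzFrom rules stored in the target entry
#   any  = allow if either kind of rule matches
#   all  = require both kinds of rule to match
authz-policy to

# authzTo is a "source rule": whoever can write it in their own entry can
# grant themselves the right to act as other users. Keep it read-only for
# everyone except the rootdn (assumed policy; place before broader ACLs).
access to attrs=authzTo
    by * read

# The rule itself lives in the directory, not in slapd.conf.
# LDIF to apply with ldapmodify as the rootdn (assumed entry and scope):
#
#   dn: uid=proxy,ou=People,dc=example,dc=com
#   changetype: modify
#   add: authzTo
#   authzTo: dn.regex:^cn=[^,]+,ou=people,dc=example,dc=com$
```

With `authz-policy to`, a bind that requests an authorization identity is accepted only when the authenticated entry carries an `authzTo` value matching the requested DN.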
