Hi,
        1. I added an auth.debug... line to my syslog configuration, and added this to my /usr/lib/sasl2/slapd.conf: log_level: 7
        So slapd.conf is:
                pwcheck_method: auxprop
                auxprop_plugin: sasldb
                mech_list: digest-md5
                log_level: 7
        and syslog.conf is:
                *.debug;mail.none;;cron.none            /var/log/messages
                auth.debug                              /var/log/secure

        2. Then I run /usr/local/openldap/bin/ldapsearch -U admin -b ou=people,dc=example,dc=com
        The log in /var/log/secure is:
        Aug  9 14:53:54 bjims31 last message repeated 2 times
        Aug  9 14:54:04 bjims31 last message repeated 3 times
        Aug  9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 3

        And the log in /var/log/messages is:
Aug  9 14:53:56 bjims31 slapd[28549]: conn=1 fd=12 closed (connection lost)
Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH attr=supportedSASLMechanisms
Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 fd=12 ACCEPT from IP=127.0.0.1:46747 (IP=0.0.0.0:389)
Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 BIND dn="" method=163
Aug  9 14:54:02 bjims31 ldapsearch: DIGEST-MD5 client step 2
Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
Aug  9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 2
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="" method=163
Aug  9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (objectClass) not indexed
Aug  9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (cn) not indexed
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND authcid="admin" authzid="admin"
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="cn=admin,ou=people,dc=example,dc=com" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 RESULT tag=97 err=0 text=
Aug  9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 3
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=3 SRCH base="ou=people,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=3 SEARCH RESULT tag=101 err=0 nentries=2 text=
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=4 UNBIND
Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 fd=12 closed


        
-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Dieter Kluenter
Sent: Friday, August 06, 2010 6:37 PM
To: [email protected]
Subject: Re: PROBLEM: can't use SASL to authentication openldap client

"LI Ji D" <[email protected]> writes:

> Hi, Klünter
>       Now I can use sasl to authenticate, but openldap seems to be using the 
> password attribute stored in the user in openldap to do the sasl. I expect 
> openldap to use sasldb as an external source to do the authentication.

Enable debugging of the sasl library. Set debug 7 in sasl2/slapd.conf
and enable syslog to log auth.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: [email protected] 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
