Re: PROBLEM: can't use SASL to authentication openldap client

Mon, 09 Aug 2010 01:51:45 -0700 

Hi,

"LI Ji D" <[email protected]> writes:

> Hi,
>       1. I add an: auth.debug... to my syslog configuration, and add this to 
> my /usr/lib/sasl2/slapd.conf: log_level: 7
>       So slapd.conf is :
>               pwcheck_method: auxprop
>               auxprop_plugin: sasldb
>               mech_list: digest-md5
>               log_level: 7
>       and syslog.conf is :
>               *.debug;mail.none;;cron.none            /var/log/messages
>               auth.debug                              /var/log/secure
>
>       2. then I do /usr/local/openldap/bin/ldapsearch -U admin -b 
> ou=people,dc=example,dc=com
>       Log in /var/log/secure is:
>       Aug  9 14:53:54 bjims31 last message repeated 2 times
>       Aug  9 14:54:04 bjims31 last message repeated 3 times
>       Aug  9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 3
>
>       And log in /var/log/messages is:
>      Aug  9 14:53:56 bjims31 slapd[28549]: conn=1 fd=12 closed (connection 
> lost)
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH base="" scope=0 
> deref=0 filter="(objectClass=*)"
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH 
> attr=supportedSASLMechanisms
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 fd=12 ACCEPT from 
> IP=127.0.0.1:46747 (IP=0.0.0.0:389)
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SEARCH RESULT tag=101 err=0 
> nentries=1 text=
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 BIND dn="" method=163
> Aug  9 14:54:02 bjims31 ldapsearch: DIGEST-MD5 client step 2
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 RESULT tag=97 err=14 
> text=SASL(0): successful result:
> Aug  9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 2
> Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="" method=163
> Aug  9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: 
> (objectClass) not indexed
> Aug  9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (cn) not 
> indexed
> Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND authcid="admin" 
> authzid="admin"
> Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND
> dn="cn=admin,ou=people,dc=example,dc=com" mech=DIGEST-MD5
> sasl_ssf=128 ssf=128

This is a successful bind, what is your problem here? 

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: [email protected] 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

Reply via email to