Hi,
        My problem is that I expect slapd to authenticate with the password 
stored in sasldb. But it does not; it uses the password stored in the userpassword 
attribute of this user, which is an item of openldap.
        So I want to know how slapd can use the password stored in sasldb to do 
the SASL authentication.

Thanks

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Dieter Kluenter
Sent: Monday, August 09, 2010 4:48 PM
To: [email protected]
Subject: Re: PROBLEM: can't use SASL to authentication openldap client

Hi,

"LI Ji D" <[email protected]> writes:

> Hi,
>       1. I add an: auth.debug... to my syslog configuration, and add this to 
> my /usr/lib/sasl2/slapd.conf: log_level: 7
>       So slapd.conf is :
>               pwcheck_method: auxprop
>               auxprop_plugin: sasldb
>               mech_list: digest-md5
>               log_level: 7
>       and syslog.conf is :
>               *.debug;mail.none;;cron.none            /var/log/messages
>               auth.debug                              /var/log/secure
>
>       2. then I do /usr/local/openldap/bin/ldapsearch -U admin -b 
> ou=people,dc=example,dc=com
>       Log in /var/log/secure is:
>       Aug  9 14:53:54 bjims31 last message repeated 2 times
>       Aug  9 14:54:04 bjims31 last message repeated 3 times
>       Aug  9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 3
>
>       And log in /var/log/messages is:
>      Aug  9 14:53:56 bjims31 slapd[28549]: conn=1 fd=12 closed (connection 
> lost)
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH base="" scope=0 
> deref=0 filter="(objectClass=*)"
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH 
> attr=supportedSASLMechanisms
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 fd=12 ACCEPT from 
> IP=127.0.0.1:46747 (IP=0.0.0.0:389)
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SEARCH RESULT tag=101 err=0 
> nentries=1 text=
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 BIND dn="" method=163
> Aug  9 14:54:02 bjims31 ldapsearch: DIGEST-MD5 client step 2
> Aug  9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 RESULT tag=97 err=14 
> text=SASL(0): successful result:
> Aug  9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 2
> Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="" method=163
> Aug  9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: 
> (objectClass) not indexed
> Aug  9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (cn) not 
> indexed
> Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND authcid="admin" 
> authzid="admin"
> Aug  9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND
> dn="cn=admin,ou=people,dc=example,dc=com" mech=DIGEST-MD5
> sasl_ssf=128 ssf=128

This is a successful bind, what is your problem here? 

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: [email protected] 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
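
Added example (not part of the thread and not OpenLDAP code): a small Python parser that groups slapd BIND/RESULT log lines like those quoted above by connection and operation. It shows that err=14 on a bind response (tag=97) is the intermediate saslBindInProgress step of DIGEST-MD5, and which directory DN the SASL authcid was finally mapped to. The sample log is constructed from the quoted lines; the host name, the final err=0 RESULT line and the name `summarize_binds` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on the slapd lines quoted in the thread.
# The last RESULT line is an assumption; the quoted log stops before it.
SAMPLE_LOG = """\
Aug  9 14:54:02 host slapd[28549]: conn=2 op=1 BIND dn="" method=163
Aug  9 14:54:02 host slapd[28549]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
Aug  9 14:54:04 host slapd[28549]: conn=2 op=2 BIND dn="" method=163
Aug  9 14:54:04 host slapd[28549]: conn=2 op=2 BIND authcid="admin" authzid="admin"
Aug  9 14:54:04 host slapd[28549]: conn=2 op=2 BIND dn="cn=admin,ou=people,dc=example,dc=com" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
Aug  9 14:54:04 host slapd[28549]: conn=2 op=2 RESULT tag=97 err=0 text=
"""

LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (BIND|RESULT) (.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')
# LDAP result codes and bind method tags (RFC 4511) that matter for SASL binds.
RESULT_CODES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}
METHODS = {128: "simple", 163: "sasl"}

def summarize_binds(log_text):
    """Return {(conn, op): {...}} describing each bind step found in the log."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        rec = ops[(conn, op)]
        if kind == "RESULT":
            if fields.get("tag") == "97":  # 97 = bind response
                code = int(fields["err"])
                rec["result"] = RESULT_CODES.get(code, str(code))
            continue
        if "method" in fields:
            method = int(fields["method"])
            rec["method"] = METHODS.get(method, str(method))
        for key in ("authcid", "authzid", "mech", "ssf"):
            if key in fields:
                rec[key] = fields[key]
        if fields.get("dn"):  # the first BIND line of a SASL step has dn=""
            rec["dn"] = fields["dn"]
    return dict(ops)

if __name__ == "__main__":
    for (conn, op), rec in sorted(summarize_binds(SAMPLE_LOG).items()):
        print(f"conn={conn} op={op}: {rec}")
```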
