Hello All,
Thanks for helping me out; however, I'm still stuck in the middle of it and the issue has not yet been resolved.
*Error:*
/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -Y DIGEST-MD5 -U sasluser7 -b 'o=xyz'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
I checked the ACLs, and I'm now also using authz with the following lines:
authz-regexp uid=([^,]*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
access to attrs="userpassword"
    by self write
    by anonymous auth
    by dn="uid=sasluser7,ou=System,o=xyz" read
access to dn.base="o=xyz"
    by dn="uid=sasluser7,ou=System,o=xyz" read
    by users read
access to dn.subtree="ou=Subscribers,o=xyz"
    by dn="uid=sasluser7,ou=System,o=xyz" read
access to *
    by self write
    by dn="uid=sasluser7,ou=System,o=xyz" read
I hope it is fine.
Moreover, we can say that the user has been created:
/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x -W -D 'cn=manager,o=xyz' -b 'uid=sasluser7,ou=System,o=xyz'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=sasluser7,ou=System,o=xyz> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# sasluser7, System, xyz
dn: uid=sasluser7,ou=System,o=xyz
uid: sasluser7
ou: System
description: Special account for SASL Testing
userPassword:: c2FzbVHzZXI3
objectClass: account
objectClass: simpleSecurityObject
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Also, I would like to highlight one thing:
when I check the SASL db list of users, it throws me an error. Could that be the issue?
/u01/app/openldap/product/2.4.26/etc/openldap>sasldblistusers
-bash: sasldblistusers: command not found
Please help me move forward. Thanks a lot for your support.
Regards,
Gaurav Gugnani
On Fri, Feb 3, 2012 at 8:44 PM, Dan White <[email protected]> wrote:
> On 02/03/12 16:12 +0530, Gaurav Gugnani wrote:
>
>> Hello All,
>>
>> I've installed the cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64.rpm package.
>>
>> *Logs:*
>>
>> /root>pluginviewer
>>
>> Installed SASL (server side) mechanisms are:
>>
>> *CRAM-MD5 ANONYMOUS DIGEST-MD5 PLAIN LOGIN EXTERNAL*
>>
>> ......
>>
>> /u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x -b "" -s base -LLL supportedSASLMechanisms
>> dn:
>> supportedSASLMechanisms: CRAM-MD5
>> supportedSASLMechanisms: DIGEST-MD5
>>
>> and started the SASL process again (tried several times) but every time...
>> got an error:
>> *Steps I followed:*
>>
>> 1> saslpasswd2 -c sasluser3
>> 2> sasldblistusers2
>>
>
> These two steps are not necessary.
>
>> 3> Stop LDAP
>> 4> edit slapd.conf and add following lines:
>> password-hash {CLEARTEXT}
>> sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
>> 5> Start LDAP
>> 6> Add account from ldif:
>> add_sasl_accnt3.ldif
>> ----------------------------
>> # TEST Account for SASL:
>> dn: uid=sasluser3,ou=System,o=xyz
>> uid: sasluser3
>> ou: System
>> description: Special account for SASL Testing
>> userPassword: sasluser3
>> objectClass: account
>> objectClass: simpleSecurityObject
>> 7> ldapadd -x -D cn=Manager,o=xyz -W -f add_sasl_accnt3.ldif
>> 8> *ldapsearch -Y DIGEST-MD5 -U sasluser3 -b 'o=xyz'*
>> Or
>> *ldapsearch -U sasluser5 -b 'o=xyz'*
>>
>>
>> But every time I got an error as:
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: SASL(-13): user not found: no secret in database
>>
>
> This is an error indicating that the user entry within ldap could not be
> found, and two possible reasons are you do not have ACLs configured
> properly, or your sasl-regexp is misconfigured.
>
> Depending on the version of slapd, 'sasl-regexp' should instead be
> 'authz-regexp'. It appears from the output below that you are using version
> 2.4.26, so you should be using 'authz-regexp'.
>
> For documentation on configuring them, reference the OpenLDAP 2.4 Admin
> Guide.
>
> For troubleshooting ACL misconfigurations, try running slapd in debug
> mode, or increase your logging.
>
>
>> On Thu, Feb 2, 2012 at 11:13 PM, Gaurav Gugnani <[email protected]> wrote:
>>
>>> Hello,
>>>
>>> Thanks for helping me out. Yes, the package is missing.
>>>
>>> The output of pluginviewer:
>>> /u01/app/openldap/product/2.4.26/etc/openldap>pluginviewer
>>> Installed SASL (server side) mechanisms are:
>>> ANONYMOUS PLAIN LOGIN EXTERNAL
>>>
>>
> --
> Dan White
>
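Added example (not code from the thread, OpenLDAP or cyrus-sasl): a small Python model of what slapd has to do on a SASL/DIGEST-MD5 bind. It applies the authz-regexp line from the thread to the SASL authentication DN, looks the mapped entry up, and recomputes the RFC 2831 response from the entry's userPassword. The point it makes visible is that DIGEST-MD5 can only succeed when slapd can get at the cleartext password (or a precomputed MD5 of user:realm:password); an entry whose userPassword is stored hashed gives the server nothing to compute with, which is exactly the "no secret in database" failure mode, and is also why `password-hash {CLEARTEXT}` is part of the recipe (a real weakness of this mechanism: the directory then holds plaintext secrets). The sample directory entries, the realm "xyz", the nonces and the digest-uri are constructed; treating the authz-regexp pattern as a case-insensitive match over the whole DN is a modelling assumption.

```python
"""Model of slapd's DIGEST-MD5 bind path: authz-regexp -> entry -> secret -> response.
Added example; directory contents, nonces, realm and digest-uri are constructed."""
import hashlib
import hmac
import re

# The slapd.conf line from the thread, split into its two fields.
PATTERN = r"uid=([^,]*),cn=DIGEST-MD5,cn=auth"
REPLACEMENT = "uid=$1,ou=System,o=xyz"

# Constructed sample directory keyed by lower-cased DN. hasheduser stores a
# {SSHA} placeholder: fine for a simple bind, useless for DIGEST-MD5.
SAMPLE_DIRECTORY = {
    "uid=sasluser7,ou=system,o=xyz": {"uid": ["sasluser7"], "userPassword": ["sasluser7"]},
    "uid=hasheduser,ou=system,o=xyz": {"uid": ["hasheduser"], "userPassword": ["{SSHA}cGxhY2Vob2xkZXI="]},
}


def authz_map(auth_dn, pattern=PATTERN, replacement=REPLACEMENT):
    """Apply one authz-regexp rule. The SASL DN is matched case-insensitively and
    $N in the replacement is expanded from capture group N. Assumption: the
    pattern has to cover the whole DN. Returns the mapped DN or None."""
    py_repl = re.sub(r"\$(\d+)", r"\\g<\1>", replacement)
    m = re.fullmatch(pattern, auth_dn, re.IGNORECASE)
    return m.expand(py_repl) if m else None


def lookup_cleartext_secret(entry):
    """Return the cleartext userPassword of an entry, or None. Only a value with
    no {scheme} prefix, or with {CLEARTEXT}, is usable for DIGEST-MD5."""
    for value in entry.get("userPassword", []):
        m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
        if m is None:
            return value
        if m.group(1).upper() == "CLEARTEXT":
            return m.group(2)
    return None


def digest_md5_response(username, realm, password, nonce, cnonce, nc, qop, digest_uri):
    """RFC 2831 response value for qop=auth. A1 starts with the *binary* MD5 of
    user:realm:password; that hash is the least the server must hold."""
    a1 = (hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
          + f":{nonce}:{cnonce}".encode())
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()


def server_verify(directory, client_msg, nonce):
    """Server side of the bind. Returns (ok, reason) in slapd's own wording."""
    auth_dn = f"uid={client_msg['username']},cn=DIGEST-MD5,cn=auth"
    target = authz_map(auth_dn)
    if target is None:
        return False, "authz-regexp did not match " + auth_dn
    entry = directory.get(target.lower())
    if entry is None:
        return False, "user not found: no entry " + target
    secret = lookup_cleartext_secret(entry)
    if secret is None:
        return False, "user not found: no secret in database"
    expected = digest_md5_response(client_msg["username"], client_msg["realm"], secret, nonce,
                                   client_msg["cnonce"], client_msg["nc"], client_msg["qop"],
                                   client_msg["digest-uri"])
    if not hmac.compare_digest(expected, client_msg["response"]):
        return False, "Invalid credentials (49)"
    return True, "bound as " + target


def demo_bind(username, password, directory=SAMPLE_DIRECTORY):
    """Client computes its response with constructed nonces; the server checks it."""
    nonce, cnonce, nc, qop, realm = "ServerNonce01", "ClientNonce01", "00000001", "auth", "xyz"
    msg = {"username": username, "realm": realm, "cnonce": cnonce, "nc": nc, "qop": qop,
           "digest-uri": "ldap/ldap.example.test"}
    msg["response"] = digest_md5_response(username, realm, password, nonce, cnonce, nc, qop,
                                          msg["digest-uri"])
    return server_verify(directory, msg, nonce)


if __name__ == "__main__":
    for user, pw in [("sasluser7", "sasluser7"), ("sasluser7", "wrong"),
                     ("hasheduser", "hasheduser"), ("nobody", "x")]:
        print(user, demo_bind(user, pw))
```

Run it and the four cases fall out one per line: the cleartext entry binds, a wrong password is rejected as "Invalid credentials (49)", the {SSHA} entry fails with "no secret in database" even though the password is right, and an unmapped user fails at the entry lookup. On a real server the first thing to check is therefore which of the last three you are hitting: `slapcat` the entry and look at whether userPassword carries a scheme prefix, and run slapd with `-d` to see the DN the authz-regexp produced.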