Dear fellow Debianites: Hopefully there are those of you out there who have experience with the OpenLDAP server 2.0.7 (from Sid) and its authentication methodologies, 'cause I need help bad. I'm trying to move to LDAP authentication and will be using the libpam_ldap to do so. Setting up the server is no problem, I'm having troubles getting PLAIN authentication to work. I get errors using the ldapsearch unless I use the -x
When I leave the SASL_SECPROPS at the default in the config files (which won't work for me anyway), I get:

$ldapsearch -W -D "cn=admin,ou=People,dc=digiterra,dc=com" 'objectClass=*'
Enter LDAP Password:
ldap_sasl_interactive_bind_s: No such attribute

When I set the SASL_SECPROPS to none, I get:

$ldapsearch -W -D "cn=admin,ou=People,dc=digiterra,dc=com" 'objectClass=*'
Enter LDAP Password:
SASL/LOGIN authentication started
ldap_sasl_interactive_bind_s: Out of memory

I've been going back over this for a week trying to figure out when/what/where/why for pam->ldap->sasl->tls/ssl and I'm bleary-eyed. I finally noticed the SASL/LOGIN in the last attempt. Now to my understanding I want SASL/PLAIN so I can use the libpam_ldap. How do I get this to happen? Plain is available:

$ldapsearch -x -b "" -s base -LL supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS

I could really use some guidance. I have no idea how to tell SASL to do plain authentication in this case. I've read many a 'mini-howto' on doing this and I've set my options similar, but there is something still escaping me. I'm including my configs below. Thanks for any help.
############
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05
#
BASE            dc=digiterra, dc=com
SASL_SECPROPS   none

#############
# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema

schemacheck     off
#referral       ldap://ldap.four11.com
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
loglevel        0
sasl-secprops   none

# ldbm database definitions
database        ldbm
suffix          "dc=digiterra,dc=com"
directory       "/var/lib/ldap"
lastmod         on

access to dn=".*,ou=Roaming,dc=digiterra,dc=com"
        by dnattr=owner write

access to attribute=userPassword
        by dn="cn=admin,ou=People,dc=digiterra,dc=com" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=admin,ou=People,dc=digiterra,dc=com" write
        by * read
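slapd's first-match ACL evaluation is easy to misread, so here is an added evaluator (written for this page, not code from the post or from OpenLDAP) that applies the OpenLDAP 2.0 rules, first matching "access to" wins, its first matching "by" sets the level, and a matching directive with no matching "by" denies, to the three access directives above; the bind and entry DNs used to exercise it are constructed. It shows that anonymous gets exactly "auth" on userPassword, which is what a simple (-x) bind needs and no more, and that the Roaming directive, having no "by *" clause, denies everyone but the owner even though the final "access to *" grants read.

```python
import re
# The three access directives from the slapd.conf above, flattened one per line (constructed input).
ACL_TEXT = """
access to dn=".*,ou=Roaming,dc=digiterra,dc=com" by dnattr=owner write
access to attribute=userPassword by dn="cn=admin,ou=People,dc=digiterra,dc=com" write by anonymous auth by self write by * none
access to * by dn="cn=admin,ou=People,dc=digiterra,dc=com" write by * read
"""
# slapd access levels in increasing order; a granted level implies every lower one.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.strip().splitlines():
        what, rest = re.match(r'access to (\S+)\s+(.*)', line).groups()
        rules.append((what, re.findall(r'by (\S+) (\w+)', rest)))
    return rules
def what_matches(what, entry_dn, attr):  # 'access to <what>' target test
    if what == "*":
        return True
    if what.startswith("attribute="):
        return what.split("=", 1)[1] == attr
    if what.startswith("dn="):  # OpenLDAP 2.0 treats the dn= value as a regex
        return re.search(what[4:-1], entry_dn) is not None
    return False
def who_matches(who, bind_dn, entry_dn, entry):  # 'by <who>' test; bind_dn None = anonymous
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    if who.startswith("dn="):
        return bind_dn is not None and re.search(who[4:-1], bind_dn) is not None
    if who.startswith("dnattr="):  # bind DN must be a value of the entry's named attribute
        return bind_dn is not None and bind_dn in entry.get(who.split("=", 1)[1], [])
    return False
def access_level(rules, bind_dn, entry_dn, attr, entry=None):
    """First matching 'access to' wins and its first matching 'by' sets the level;
    a matching directive with no matching 'by' denies, later directives are never consulted."""
    for what, by_clauses in rules:
        if what_matches(what, entry_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry_dn, entry or {}):
                    return level
            return "none"
    return "none"  # nothing matched (unreachable here, 'access to *' catches all)
def permits(level, wanted):
    return LEVELS.index(level) >= LEVELS.index(wanted)
```

Calling access_level(parse_acl(ACL_TEXT), None, "uid=jdoe,ou=People,dc=digiterra,dc=com", "userPassword") returns "auth", and the same call for an entry under ou=Roaming returns "none" for anyone not listed in its owner attribute.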