
Re: Problem with openldap 2.0.6 and SASL [follow-up]



Went to CVS and got most recent, cutting-edge, sasl.c and recompiled slapd. This DID NOT resolve the problem. Also, though I've tried a number of variations of arguments with ldapadd without success, the variation that seems the most correct to me is:

ldapadd -f cheshire-init.ldif -D "uid=rtanner@cheshire.onlinemac.com"


It still fails, as below, with the error "Insufficient Access" which means I successfully authenticated but the server doesn't think I'm authorized. Also, one other thing I forgot to mention. Immediately after ldapadd prompts me and I enter my password, it prints out "SASL SSF: 0". Where is the ssf of 0 coming from? I've tried setting "security ssf=56" in slapd.conf, and that doesn't make any difference.


-- Rob

--On 10/28/00 06:01:18 PM -0700 Rob Tanner <rtanner@cheshire.onlinemac.com> wrote:

Hi,

I installed openldap-2.0.6 with SASL support on redhat 6.2. It built
and tested without a hitch.  In running configure, I included the
"--with-cyrus-sasl" and the "--enable-spasswd" parameters.  In
slapd.conf, I've included the following lines:

sasl-host cheshire.onlinemac.com
sasl-realm CHESHIRE
sasl-secprops noanonymous  minssf=56
rootdn "uid=rtanner@cheshire.onlinemac.com"

But when I try to use ldapadd, no combination of options that I tried
would work.  After I entered my password (mech=CRAM-MD5), ldapadd
would return with the error "Insufficient Access".

I know SASL is ok.  I installed and configured it on the same machine
several months ago and it gets used continuously for Cyrus IMAP and
AUTH SMTP.  The docs are all pretty sparse, so I wouldn't be
surprised if I'm just doing something wrong.

All suggestions appreciated.  Thanks.




QUIDQUID LATINE DICTUM SIT, PROFUNDUM VIDITUR
(Whatever is said in Latin appears profound)

 Rob Tanner
 McMinnville, Oregon
 rtanner@cheshire.onlinemac.com