[Date Prev][Date Next] [Chronological] [Thread] [Top]

"ldapsearch -I" doesn't give desired result



Hi,

I have build openldap and run "make test" succesfully.
when running "make test" I see that the supported sasl-mechanism
are digest-md5 and cram-md5. 
after "make install" I started slapd with;
	"/usr/local/libexec/slapd -d 4 -h ldap://127.0.0.1";
when I do "ldapsearch -I" I will receive:
	ldap_sasl_interactive_bind_s: No such object". 
When I look at the debug output of slapd I will see;
	connection_get(9)
	SRCH "" 0 0   000
		filter: (objectClass=*)
		attrs: supportedSASLMechanisms
	send_ldap_result: 0::
	ber_flush: 14 bytes to sd 9
	connection_get(9)
If I try "ldapsearch -I -Y cram-md5 I will receive;
	SASL/CRAM-MD5 authentication started
	SASL Interaction
	Default: root
	Please enter your autherization name:
When I look at the debug output of slapd I will see;
	connection_get(9)
	==> sasl_bind: dn="" mech=CRAM-MD5 datalen=0
	ber_flush: 49 bytes to sd 9 
If I proceed and enter the autherization name and the password
I will get ;
	ldap_sasl_interactive_bind_s: Unknown error
	additional info: no secret in database
but sasldblistusers will show me the secrets for the username.
When I look at the debug output of slapd I will see;
	connection_get(9)
	==> sasl_bind: dn="" mech=<continuing> datalen=40
	send_ldap_result: 80::no secret in database
	ber_flush: 35 bytes to sd 9
	connection_get(9)

I have qmail-ldap working with cyrus-sasl but not completely, I would
like to get it working completely.

I have two questions; 
	1) I would like to know how I can make "ldapsearch -I" to return
	    the supported sasl mechanism without having to explicitely
	    specify the mechanism.
	2) I would like to know how I can make "ldapsearch -I -Y mechanism"
	     authenticate from the sasldb database. 

Kind Regards,

Lucio Jankok