RE: SASL/LDAP authentication questions?
One more thing. When I execute the ldapsearch with the "correct" credentials,
what I get back is the following:
dn: uid=BSmith,o=NASH,dc=dell,dc=com
objectClass: top
objectClass: mcpactor
uid: BSmith
cn: "Barry Smith"
sn: Barry Smith
userPassword::QlNlaWRIbA==
Can anyone tell me what is going on with the value returned for the
userPassword? Is this the SASL/DIGEST-MD5 encrypted password?
Thanks
Tom
-----Original Message-----
From: Thomas_W_Collins@Dell.com [mailto:Thomas_W_Collins@Dell.com]
Sent: Tuesday, January 16, 2001 4:42 PM
To: openldap-software@OpenLDAP.org
Subject: SASL/LDAP authentication questions?
Hi...
I have a couple of questions regarding SASL, OpenLDAP, and passwords.
I have SASL/OpenLDAP installed and the following fragment
from the slapd.conf:
database ldbm
suffix "o=NASH,dc=dell,dc=com"
rootdn "cn=root,o=DAO,dc=dell,dc=com"
rootpw {crypt}tcPo8hUG.cU7c
directory /usr/local/openldap-1.2.11/var/NASH
index uid pres,eq,sub
index cn,sn pres,eq,sub
and I also specify two sasl user accounts as:
saslpasswd -c root
password=root
saslpasswd -c BSmith
password=BSmith
I add the following entries from an ldif file:
dn: o=NASH,dc=dell,dc=com
objectclass: dcObject
objectclass: organization
o: NASH
dc: dell
dn: uid=BSmith,o=NASH,dc=dell,dc=com
objectclass: top
objectclass: mcpactor
uid: BSeidel
cn: "Barry Smith"
sn: Barry Smith
userPassword: BSmith
I then execute the following:
ldapsearch -L -D uid=BSmith,o=NASH,dc=dell,dc=com -b "o=NASH,dc=dell,dc=com" -s sub \
'(objectclass=*)' -W
When ldap prompts for the password, if I put in "BSmith", I get the following:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s; Invalid credentials
additional info: Client 'response' doesn't match what we generated.
If I execute the same command, but instead of supplying "BSmith" when
prompted for the password I supply "root", everything works fine. That is,
I get the above entry back from the ldapsearch. Do I need to add some ACLs
to the slapd.conf file to allow access to users other than the rootdn? My
guess is that I do.
Thanks
Tom
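
Added example, not part of the original message or of OpenLDAP: in LDIF (RFC 2849) a double colon after the attribute name marks a base64-encoded value, which is an encoding and not encryption. The sketch below decodes such values from the entry quoted in the message and reports whether a userPassword carries a {SCHEME} prefix, like the {crypt} rootpw in the slapd.conf fragment, or is stored as cleartext; the function names are hypothetical.

```python
import base64
import re

# Constructed sample: the entry quoted in the message, as returned by ldapsearch.
SAMPLE_LDIF = """\
dn: uid=BSmith,o=NASH,dc=dell,dc=com
objectClass: top
objectClass: mcpactor
uid: BSmith
cn: "Barry Smith"
sn: Barry Smith
userPassword::QlNlaWRIbA==
"""

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def parse_ldif_entry(text):
    """Return [(attr, value_bytes)] for one LDIF entry; 'attr::' values are base64."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # RFC 2849 folded continuation line
        elif line and not line.startswith("#"):
            unfolded.append(line)
    attrs = []
    for line in unfolded:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # double colon: base64-encoded value
            value = base64.b64decode(rest[1:].strip())
        else:                                 # single colon: literal value
            value = rest.strip().encode("utf-8")
        attrs.append((name, value))
    return attrs

def classify_password(value):
    """Return the storage scheme named in a {SCHEME} prefix, else 'CLEARTEXT'."""
    m = SCHEME_RE.match(value)
    return m.group(1).decode().upper() if m else "CLEARTEXT"

def audit_passwords(text):
    """Return [(decoded_value, scheme)] for every userPassword in the entry."""
    return [(value, classify_password(value))
            for name, value in parse_ldif_entry(text)
            if name.lower() == "userpassword"]

if __name__ == "__main__":
    for value, scheme in audit_passwords(SAMPLE_LDIF):
        print(f"userPassword decodes to {value!r}, storage scheme: {scheme}")
```

A CLEARTEXT result means anyone with read access to the attribute can recover the password, so read access to userPassword should be restricted in the server's access controls.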