
RE: SASL/LDAP authentication questions?



One more thing.  When I execute the ldapsearch with the "correct" credentials,
what I get back is the following:

dn: uid=BSmith,o=NASH,dc=dell,dc=com
objectClass: top
objectClass: mcpactor
uid: BSmith
cn: "Barry Smith"
sn: Barry Smith
userPassword::QlNlaWRIbA==

Can anyone tell me what is going on with the value returned for the
userPassword?  Is this the SASL/DIGEST-MD5 encrypted password?

Thanks

Tom

-----Original Message-----
From: Thomas_W_Collins@Dell.com [mailto:Thomas_W_Collins@Dell.com]
Sent: Tuesday, January 16, 2001 4:42 PM
To: openldap-software@OpenLDAP.org
Subject: SASL/LDAP authentication questions?


Hi...

I have a couple of questions regarding SASL, OpenLDAP, and passwords.

I have SASL/OpenLDAP installed and the following fragment
from the slapd.conf:

database        ldbm
suffix          "o=NASH,dc=dell,dc=com"
rootdn          "cn=root,o=DAO,dc=dell,dc=com"
rootpw          {crypt}tcPo8hUG.cU7c
directory       /usr/local/openldap-1.2.11/var/NASH
index           uid pres,eq,sub
index           cn,sn pres,eq,sub

and I also specify two sasl user accounts as:

saslpasswd -c root
password=root
  
saslpasswd -c BSmith
password=BSmith

I add the following entries from an ldif file:

dn: o=NASH,dc=dell,dc=com
objectclass: dcObject
objectclass: organization
o: NASH
dc: dell

dn: uid=BSmith,o=NASH,dc=dell,dc=com
objectclass: top
objectclass: mcpactor
uid: BSeidel
cn: "Barry Smith"
sn: Barry Smith
userPassword: BSmith

I then execute the following:

ldapsearch -L -D uid=BSmith,o=NASH,dc=dell,dc=com -b "o=NASH,dc=dell,dc=com" \
		-s sub '(objectclass=*)' -W

When ldap prompts for the password, if I put in "BSmith", I get the following:

SASL/DIGEST-MD5 authentication started 
ldap_sasl_interactive_bind_s; Invalid credentials
	additional info: Client 'response' doesn't match what we generated.

If I execute the same command, but instead of supplying "BSmith" when
prompted for the password I supply "root", everything works fine.  That is,
I get the above entry back from the ldapsearch.  Do I need to add some ACLs
to the slapd.conf file to allow access to users other than the rootdn?
My guess is that I do.

Thanks

Tom
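
Added example, not part of the original thread: in LDIF (RFC 2849) a double colon after the attribute name means the value is base64-encoded, which is an encoding and not encryption or a digest. The Python sketch below decodes the userPassword line from the output quoted above and reports whether the stored value carries a {scheme} prefix or is cleartext; the function names and the second sample entry are constructed for illustration.

```python
import base64
import re

# Storage-scheme prefix such as {crypt} or {SSHA} at the start of a value.
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}")

# First entry: the ldapsearch output quoted in the post.
# Second entry: constructed for contrast, reusing the {crypt} string from rootpw.
SAMPLE_LDIF = """\
dn: uid=BSmith,o=NASH,dc=dell,dc=com
uid: BSmith
userPassword::QlNlaWRIbA==

dn: uid=example,o=NASH,dc=dell,dc=com
uid: example
userPassword: {crypt}tcPo8hUG.cU7c
"""

def ldif_value(line):
    """Split one unfolded LDIF line into (attr, value_bytes, was_base64)."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line: %r" % line)
    if rest.startswith(":"):  # "attr:: ..." marks a base64-encoded value
        return attr, base64.b64decode(rest[1:].strip(), validate=True), True
    return attr, rest.strip().encode("utf-8"), False

def audit_passwords(ldif_text):
    """Report how each userPassword value in the LDIF text is stored."""
    findings, dn = [], None
    for line in ldif_text.splitlines():
        if not line.strip() or line.startswith(("#", " ")):
            continue  # blank line, comment, or folded continuation (not handled)
        attr, value, was_b64 = ldif_value(line)
        if attr.lower() == "dn":
            dn = value.decode("utf-8")
        elif attr.lower() == "userpassword":
            m = SCHEME_RE.match(value)
            scheme = m.group(1).decode().lower() if m else "cleartext"
            findings.append({"dn": dn, "base64_in_ldif": was_b64,
                             "scheme": scheme, "decoded": value})
    return findings

if __name__ == "__main__":
    for f in audit_passwords(SAMPLE_LDIF):
        print(f)
```

Base64 is reversible by anyone who can read the attribute, so a value reported as cleartext is exposed to every identity allowed to read userPassword.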