Re: Trying to enable SASL support for OpenLDAP 2.0.11...
Hi,
On Wednesday, 8. August 2001 23:34, Brendan Byrd wrote:
> This is annoying. I've been spending the past 8+ hours trying to get
> SASL to work with OpenLDAP. Every time I do, I encounter the same
> error:
>
> # ldapadd -D "uid=root@sineswiper.missiondata.com" -f
> /root/missiondata.ldif
> ldap_sasl_interactive_bind_s: No such object
The -D parameter is for simple authentication; you should use "-U root"
instead (if root is a valid user in your SASL realm).
[...]
> I can use simple mode just fine, but I don't want simple mode. I'm
> trying to get everything setup for LDAP through SSL. I have all of
> the libraries: Kerberos 5, SASL, DES, Crypt, Crypto, etc. I've used
> the following configure line:
[...]
> # ldapadd -k
> ldapadd: not compiled with Kerberos support
> I'm not sure if the SASL switch on the configure overrides this or
> what, but I don't understand why it can't have support for both. My
> ldap.conf is correct:
Kerberos 5 is not Kerberos in the sense of OpenLDAP. Using Kerberos 5 with
LDAP works just fine if you have the GSSAPI SASL mechanism installed (this
means Kerberos 5 over SASL); however, the -k parameter is only for Kerberos 4.
> BASE dc=missiondata, dc=com
> URI ldap://sineswiper.missiondata.net
>
> According to LDAPSearch, I don't have the required
> "supportedSASLMechanisms" objects in my Root DN:
This is another pitfall: supportedSASLMechanisms is an operational
attribute. You have this (if SASL is working), but your ACLs must grant
anonymous read access to it.
> # ldapsearch -D "cn=root,dc=missiondata,dc=com" -b "" -Wxs base -LLL
> Enter LDAP Password:
> dn:
> objectClass: top
> objectClass: OpenLDAProotDSE
>
> My /var/log/message doesn't say anything unusual. I've already
> created a /etc/sasldb with saslpasswd. My slapd.conf contains:
>
> ---- cut ----
> sasl-host sineswiper.missiondata.net
> sasl-secprops none
>
> database ldbm
> suffix "dc=missiondata,dc=com"
> #rootdn "uid=root@sineswiper.missiondata.net"
> rootdn "cn=root,dc=missiondata,dc=com"
> rootpw {SSHA}---blah---
> directory /var/openldap/ldbm
> index objectClass eq
rootdn and rootpw are for simple authentication only.
> TLSCertificateFile /var/ssl/ssl.crt/server.crt
> TLSCertificateKeyFile /var/ssl/ssl.key/server.key
> ---- end ----
You may need the SASLRealm and SASLserver parameters. See the slapd.conf
man page for details.
Yours,
Stephan Siano
--
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607
D-65760 Eschborn
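As an added example that is not part of the original thread, the two checks discussed above scripted for a POSIX shell: probe the root DSE anonymously for supportedSASLMechanisms (the operational attribute has to be requested by name and must be readable anonymously), and bind via SASL with a SASL user name (-U) and mechanism (-Y) instead of a DN (-D). Assumed, not taken from the thread: the OpenLDAP 2.0 command-line tools with their -x, -H, -U, -Y and -R options, a server URI supplied by the caller, and a constructed sample root DSE that is used only to exercise the parsing offline.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes the OpenLDAP
# client tools (ldapsearch) and a server URI passed in by the caller.

# Parse supportedSASLMechanisms values out of LDIF on stdin (ldapsearch -LLL
# output); prints one mechanism name per line.
parse_sasl_mechs() {
    sed -n 's/^supportedSASLMechanisms: *//p'
}

# Query the root DSE anonymously. The attribute is operational, so it is only
# returned when requested by name; "-x" forces a simple (here anonymous) bind
# so the probe does not itself depend on SASL already working. An empty list
# means either no mechanisms are available or the ACL hides the attribute.
probe_sasl_mechs() {
    uri="$1"
    ldapsearch -x -H "$uri" -b "" -s base -LLL supportedSASLMechanisms \
        | parse_sasl_mechs
}

# Return 0 if the mechanism named in $1 appears in the list read from stdin.
has_mech() {
    grep -qx "$1"
}

# SASL bind with an explicit mechanism and SASL authentication id:
# "-U root" (a SASL user name), not "-D uid=root@..." (a DN, simple bind).
# The realm is passed with -R only when the caller supplies one.
sasl_bind_search() {
    uri="$1"; mech="$2"; user="$3"; realm="$4"
    ldapsearch -H "$uri" -Y "$mech" -U "$user" ${realm:+-R "$realm"} \
        -b "" -s base -LLL objectClass
}

# Constructed sample of what a root DSE with a permissive ACL returns; it is
# here only so the parser can be exercised without a server.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
'

sample_mechs() {
    printf '%s' "$SAMPLE_ROOTDSE" | parse_sasl_mechs
}

# Typical use against a live server (uncomment and set the URI):
# probe_sasl_mechs ldap://ldap.example.com | has_mech GSSAPI && \
#     sasl_bind_search ldap://ldap.example.com GSSAPI root
```

If probe_sasl_mechs prints nothing while the simple bind works, the server-side ACL is the first thing to check, since the attribute is never returned by a plain base search that does not name it.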