
SASL troubles



Hello all,

I'm trying to set up an LDAP server, and there are some difficulties
which I have seen. It is OpenLDAP 2.0.11 with Cyrus SASL 1.5.24, and,
in general, it worked.


First, I applied a simple restriction on my database:

access to * by dn=uid=user,dc=mariinsky,dc=ru read

Then I was unable to even bind with ldapsearch. After an hour of
debugging I had figured out that I need:

access to ^$ by * read

for ldapsearch to work correctly. It does an anonymous search of
supportedSASLMechanisms before actual bind.


Second, in the Administrator's Guide there are "SASL-based" examples
of rootdn etc:

rootdn     "uid=user@EXAMPLE.COM"

But it does not work. I needed to investigate the problem and
write:

rootdn     "uid=user+realm=my.sasl.realm"


I'm just wondering, why are these not-so-easy things not documented
anywhere?


WBR, Pavel          mailto:flicker@mariinsky.ru    icq:52216261