[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fw: on SASL

To: Todd Lyons <todd@mrball.net>
Subject: Re: Fw: on SASL
From: Turbo Fredriksson <turbo@bayour.com>
Date: 19 Jan 2002 18:36:55 +0100
Cc: ldap <openldap-software@OpenLDAP.org>
In-reply-to: <20020118203726.A27972@mrball.net>
Organization: LDAP/Kerberos expert wannabe
References: <008701c19e41$64c54fc0$1801a8c0@impdiv3> <876662xthv.fsf@papadoc.bayour.com> <20020118203726.A27972@mrball.net>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Quoting Todd Lyons <todd@mrball.net>:

> Doesn't work:
> replogfile      /var/log/ldap/replicate-District3.log
> replica         host=gteshome:53389

You _MIGHT_ need the full FQDN here...

>                 suffix="ou=District3,o=mrball,c=US"
>                 binddn="uid=tlyons.mrball.net"

This is not a complete dn... (should probably have 'suffix' added to it).

>                 authcId="tlyons.mrball.net"
>                 authzId="tlyons.mrball.net"
>                 realm="gteshome.mrball.net"
>                 credentials="todd"

Have no idea what these do, _I_ don't have them...

> In the config file for the slave ldap server for port 53389, I have:
> updatedn	"UID=TLYONS.MRBALL.NET+REALM=GTESHOME.MRBALL.NET"

"uid=TLYONS\.MRBALL\.NET.\+realm=GTESHOME.MRBALL.NET"

DOT (.) is a regexp, so have to be protected. It is advisable to use dot's
in a DN (you'll probably end up with even more problem if you have a dot
in the DN)!

> For ACL's, I have:
> access to attrs=userPassword,lmpassword,ntpassword
>         by self write
>         by dn="UID=TLYONS.MRBALL.NET" write
>         by * none

Since you're using dot's in the username, this should be:

dn="UID=TLYONS\.MRBALL\.NET.+\+realm=GTESHOME.MRBALL.NET"

> access to *
>         by self read
>         by dn="UID=TLYONS.MRBALL.NET" write
>         by * search

Same as above...

> [root@gteshome root]# sasldblistusers
> user: tlyons.mrball.net realm: gteshome.mrball.net mech: DIGEST-MD5
> user: tlyons.mrball.net realm: gteshome.mrball.net mech: PLAIN
> user: tlyons.mrball.net realm: gteshome.mrball.net mech: CRAM-MD5

This indicates that the username is in lowercase, so replace all uppercased
usernames to lowercase above...

> In the meantime, I'm studying your HowTo.

Only using SASL (ie, without Kerberos) is what's still missing in my HOWTO.
I'd hoped that someone would volontare... :)


-- 
 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /    Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@bayour.com
  \\\/  \____/_|_| |_|\__,_/_/\_\         Gothenburg/Sweden

Follow-Ups:
- Re: Fw: on SASL
  - From: Todd Lyons <todd@mrball.net>

References:
- Fw: on SASL
  - From: "Gayathri.A" <gayathri@odysseytec.com>
- Re: Fw: on SASL
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: Fw: on SASL
  - From: Todd Lyons <todd@mrball.net>

Prev by Date: Re: Filter problem...
Next by Date: Re: speeding up searches (index?)
Index(es):
- Chronological
- Thread