Newbie OpenLDAP-SASL question
To get directory users authenticated using SASL, I have taken the
following steps:
- compile/install cyrus sasl
- compile/install openldap 2.0.9 with cyrus sasl support
- set 'require SASL' in my slapd.conf (I want to prevent any other type
of authentication)
- create a sasl passwd file (/etc/sasldb) using saslpasswd(8), invoked
like this:
for dn "cn=Manager,dc=example,dc=com":
% /usr/local/sbin/saslpasswd -c "dn:cn=Manager,dc=example,dc=com"
At this point, running ldapsearch with -D "cn=Manager,dc=example,dc=com"
and -W, I set the authentication id and the authzid to
"dn:cn=Manager,dc=example,dc=com". Running in debug mode, it looks like
it is authenticating correctly against the sasl database, however I get
the error:
ldap_sasl_interactive_bind_s: Inappropriate authentication
additional info: authorization disallowed
(I believe the SASL part of authentication is going through correctly,
because putting in a wrong password gives me "Invalid Credentials
Error". Running in debug mode showed correct SASL client-server
communication, with a positive response from the server).
Reading previous posts about SASL authentication, I believe what is
wrong here is that I am not telling the LDAP server which SASL username
corresponds to which LDAP directory entry. Unfortunately, I couldn't
find any documentation on this matter.
Thanks,
Mani
--
/* Mani Ghasemlou, Software Developer
* Steltor Inc., 2000 Peel Street, 4th floor, Montreal.
* TELEPHONE: (514) 733-8500 EXT 4217 FAX: (514) 733-8878
*/
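The mapping the post is asking about (which SASL authentication identity corresponds to which directory entry) is done in slapd by rewriting the identity into a pseudo-DN of the form `uid=<authcid>[,cn=<realm>],cn=<mech>,cn=auth` and then running it through ordered regex rules from slapd.conf (the `saslRegexp` directive in the 2.0-era slapd.conf(5); first full match wins, `$1`..`$9` substitute captured groups). The model below is an added illustration written for this thread, not code or configuration from OpenLDAP or from the original poster; the rules, user names and realm are constructed, and the authorization step reflects only the default policy that a requested authzid is honoured solely when it names the same entry the authentication identity maps to.

```python
import re
from typing import List, Optional, Tuple

# Constructed rules in the style of slapd's saslRegexp directive (hypothetical
# slapd.conf content, not from the original post):
#   saslRegexp  uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth   cn=$1,dc=example,dc=com
#   saslRegexp  uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth              uid=$1,ou=people,dc=example,dc=com
SASL_REGEXP_RULES: List[Tuple[str, str]] = [
    (r"uid=([^,]*),cn=example\.com,cn=digest-md5,cn=auth", r"cn=$1,dc=example,dc=com"),
    (r"uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth", r"uid=$1,ou=people,dc=example,dc=com"),
]


def sasl_authc_dn(authcid: str, mech: str, realm: Optional[str] = None) -> str:
    """Build the cn=auth pseudo-DN slapd derives from a SASL authentication identity."""
    parts = [f"uid={authcid}"]
    if realm:
        parts.append(f"cn={realm}")
    parts.append(f"cn={mech.lower()}")
    parts.append("cn=auth")
    return ",".join(parts)


def map_sasl_identity(sasl_dn: str, rules: List[Tuple[str, str]] = SASL_REGEXP_RULES) -> str:
    """Apply the rules in order; the first rule whose pattern matches the whole
    pseudo-DN wins and its replacement (with $N expanded) becomes the entry DN.
    An identity no rule matches keeps its cn=auth form, i.e. it corresponds to
    no real directory entry."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, sasl_dn)
        if m:
            # slapd writes captured groups as $1..$9; Python's expand() wants \1..\9
            return m.expand(re.sub(r"\$(\d)", r"\\\1", replacement))
    return sasl_dn


def decide_bind(authcid: str, mech: str, realm: Optional[str] = None,
                authzid: Optional[str] = None) -> Tuple[Optional[str], Optional[str]]:
    """Return (effective_dn, error) for a SASL bind under the default policy:
    without explicit authorization rules, an authzid is accepted only if it
    names the same entry the authentication identity already maps to.
    Only the dn: form of authzid is modelled here (assumption of this example)."""
    authc_dn = map_sasl_identity(sasl_authc_dn(authcid, mech, realm))
    if authzid is None:
        return authc_dn, None
    if not authzid.lower().startswith("dn:"):
        return None, "unsupported authzid form"
    authz_dn = authzid[3:]
    # DN comparison is case-insensitive for caseIgnore attributes such as cn
    if authz_dn.lower() == authc_dn.lower():
        return authc_dn, None
    return None, "authorization disallowed"


if __name__ == "__main__":
    # A mapped identity whose authzid names its own entry: accepted.
    print(decide_bind("manager", "DIGEST-MD5", "example.com",
                      authzid="dn:cn=Manager,dc=example,dc=com"))
    # An identity no rule maps stays in cn=auth form, so an authzid naming a
    # real entry is refused with the same error the post reports.
    print(decide_bind("bob", "CRAM-MD5", authzid="dn:cn=Manager,dc=example,dc=com"))
```

Running the block shows the two outcomes side by side: an identity that a rule maps onto the entry named in the authzid binds as that entry, while an identity with no matching rule is left as `uid=bob,cn=cram-md5,cn=auth` and the requested authzid is refused with "authorization disallowed".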