SASL auth fails with "unable to get user's secret"
Hello,
I'm stuck with getting OpenLDAP to work and would appreciate any help.
System:
cyrus-sasl-1.5.27
openldap-2.0.23
linux-2.4.7 (RedHat 7.0)
My slapd.conf is:
include /etc/openldap/schema/core.schema
pidfile /var/run/slapd.pid
access to * by *
database ldbm
suffix "dc=example,dc=com"
directory /var/openldap-ldbm
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
index cn pres,eq,sub
The first thing is that SASL authentication won't work.
ldapadd -U georg -Y georg -Y DIGEST-MD5 -v -f lroot.ldif
gives me:
ldap_initialize( <DEFAULT> )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Unknown error
additional info: unable to get user's secret
The log says:
Feb 20 14:34:00 router slapd[4262]: daemon: conn=2 fd=11 connection from IP=127.0.0.1:34236 (IP=0.0.0.0:34049) accepted.
Feb 20 14:34:00 router slapd[4264]: conn=2 op=0 BIND dn="" method=163
Feb 20 14:34:02 router slapd[4264]: conn=2 op=1 BIND dn="" method=163
Feb 20 14:34:02 router slapd[4264]: conn=2 op=1 RESULT tag=97 err=80 text=unable to get user's secret
Feb 20 14:34:02 router slapd[4262]: conn=-1 fd=11 closed
SASL authentication is working fine with cyrus-imapd and the client/server tools from the cyrus-sasl source.
The second problem is that, though it is possible to add entries with simple auth, ldapsearch doesn't return any records:
ldapadd -f lroot.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret -v
ldap_initialize( <DEFAULT> )
add objectclass:
dcobject
add dc:
example
adding new entry "dc=example,dc=com"
modify complete
add objectClass:
person
add cn:
George Clown
Clown
add sn:
George
add description:
Company Clown
adding new entry "cn=Clown,dc=example,dc=com"
modify complete
ldapsearch -x -s base -b "" -h router -v "*"
ldap_init( router, 0 )
filter: (objectclass=*)
requesting: *
version: 2
#
# filter: (objectclass=*)
# requesting: *
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
I am not very familiar with LDAP, so maybe I have made a mistake somewhere.
BTW, the tests supplied with the source work fine.
Regards,
Georg