Basic Steps to get SASL working?
Hi,
I've scoured the archive for this mailing list, the included documentation for LDAP and Cyrus SASL and a general search on the net. And I'm still confused as to what I require to get a basic SASL setup running.
There is no one place that gives step by step instructions.
For starters I want to get the basic PLAIN mechanism working.
Later on, I'll try and get Kerberos installed and get that working.
Below is what I have and objectclass = * searches on simple bind work fine.
The minute I try a sasl bind using
ldapsearch -I -Y "PLAIN" -b "dc=karthika,dc=com" '(objectclass=*)'
I get sasl_interactive_bind: unknown authentication method
I wrote my own ldap client and in that simple bind works, tried using ldap_sasl_bind_s and, while the PLAIN mechanism is accepted, I get a perror: unknown error. (If I misspell PLAIN, the perror returns Unknown authentication method as expected.)
So can someone help me out please?
Thanks-Fozia
Here's what I have right now:
1) openldap 2.0.23 --with-spasswd --enable-cyrus-sasl installed.
*slapd is running.
*CYRUS-SASL 1.5.27 installed.
2) ldapsearch on supportedSASLMechanisms returns: PLAIN and ANONYMOUS
3) my slapd.conf file in
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/my.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
sasl-host dev14
sasl-secprops none
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=karthika,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=karthika,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
#directory /var/lib/ldap
directory /usr/local/var/openldap-ldbm
# Indices to maintain
index objectClass eq
4) my slapd.conf in /usr/lib/sasl/
pwcheck_method: sasldb
5) using /usr/local/sbin/sasldblistusers
user: Manager realm: dev14 mech: CRAM-MD5
user: Manager realm: dev14 mech: PLAIN
user: admin realm: dev14 mech: CRAM-MD5
user: admin realm: dev14 mech: DIGEST-MD5
user: admin realm: dev14 mech: PLAIN
user: Manager realm: dev14 mech: DIGEST-MD5
6) ls of /usr/lib/sasl is:
libanonymous.la
libanonymous.so
libanonymous.so.1
libanonymous.so.1.0.16
libcrammd5.la
libcrammd5.so
libcrammd5.so.1
libcrammd5.so.1.0.17
libdigestmd5.la
libdigestmd5.so
libdigestmd5.so.0
libdigestmd5.so.0.0.19
libplain.la
libplain.so
libplain.so.1
libplain.so.1.0.15
slapd.conf
slapd.conf~
ssh.conf