
RE: newbie question. SASL auth.



In the line:

rootdn          "uid=root,cn=myorg.ru,cn=auth.cn-digest-md5"

You have a . instead of a comma between cn=auth and cn=digest-md5,
plus you have a - instead of a = in cn-digest-md5.

Cheers
Jose




-----Original Message-----
From: Ilya Bassine [mailto:lanmot@cwrussia.ru]
Sent: 27 August 2002 11:15
To: openldap-software@OpenLDAP.org
Subject: newbie question. SASL auth.


Hi,

Could you please tell me what I did wrong?
Here is my system:

Slackware-8.1
Berkeley db-4.0.14
sasl-2.1.7
openldap 2.1.14 was compiled with SASL ( --enable-spasswd)

user root has been put into sasldb:
#############################################################
root@myhost:/etc/openldap# saslpasswd2 -c root -n
Password:
Again (for verification):
root@myhost:/etc/openldap# sasldblistusers2
root@myhost: cmusaslsecretOTP
root@myhost:
#############################################################

#############################################################
#/etc/openldap/slapd.conf
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
pidfile         /var/ldap/slapd.pid
argsfile        /var/ldap/slapd.args
loglevel -1
backend bdb
backend ldap
database        bdb
sasl-regexp uid=(.*),cn=.*,cn=digest-md5,cn=auth uid=$1,dc=myorg,dc=ru
suffix          "dc=myorg,dc=ru"
rootdn          "uid=root,cn=myorg.ru,cn=auth.cn-digest-md5"
directory       /var/ldap/openldap-data
index   objectClass     eq
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="uid=root,cn=myorg.ru,cn=auth,cn=digest-md5" write
    by * none
access to *
    by self write
    by dn="uid=root,cn=myorg.ru,cn=auth,cn=digest-md5" write
    by * read
#############################################################

When I try to add the LDIF file, the system gives me an error:
#############################################################
bash-2.05a$ ldapadd -X uid=root,cn=myorg.ru,cn=auth,cn=digest-md5 -W -f \
~ilya/ldap_test/entry.test

Enter LDAP Password:
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Insufficient access (50)
additional info: SASL(-14): authorization failure: Inappropriate authentication
bash-2.05a$
#############################################################

What did I do wrong?

Thank you for your help in advance

Ilya
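
A check for the kind of mismatch pointed out in the reply, as an added example that is not part of the original thread: it compares the `rootdn` value with every `by dn=` clause in a slapd.conf and reports the characters that differ when the two are nearly identical. The function names, the 0.8 similarity threshold and the simplified DN normalization are assumptions; the sample is a constructed excerpt of the configuration quoted above.

```python
import difflib
import re

# Constructed excerpt of the slapd.conf quoted in this thread.
SAMPLE_CONF = '''\
suffix          "dc=myorg,dc=ru"
rootdn          "uid=root,cn=myorg.ru,cn=auth.cn-digest-md5"
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="uid=root,cn=myorg.ru,cn=auth,cn=digest-md5" write
    by * none
'''

def normalize(dn):
    """Simplified DN normalization: lowercase, no spaces around ',' or '='."""
    return re.sub(r'\s*([,=])\s*', r'\1', dn.strip().lower())

def parse(conf):
    """Return ((line, rootdn) or None, [(line, dn), ...] for each 'by dn=' clause)."""
    rootdn, acl_dns = None, []
    for n, line in enumerate(conf.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # comment line
        m = re.match(r'\s*rootdn\s+"?([^"]+?)"?\s*$', line)
        if m:
            rootdn = (n, normalize(m.group(1)))
        m = re.search(r'\bby\s+dn(?:\.\w+)?="?([^"\s]+)"?', line)
        if m:
            acl_dns.append((n, normalize(m.group(1))))
    return rootdn, acl_dns

def lint(conf, threshold=0.8):
    """Flag ACL DNs that nearly, but not exactly, match rootdn, with the differing spans."""
    rootdn, acl_dns = parse(conf)
    findings = []
    if rootdn is None:
        return findings
    root_line, root = rootdn
    for acl_line, dn in acl_dns:
        sm = difflib.SequenceMatcher(None, root, dn, autojunk=False)
        if dn != root and sm.ratio() >= threshold:
            diffs = [(root[i1:i2], dn[j1:j2])
                     for op, i1, i2, j1, j2 in sm.get_opcodes() if op != 'equal']
            findings.append((root_line, acl_line, diffs))
    return findings

if __name__ == '__main__':
    for root_line, acl_line, diffs in lint(SAMPLE_CONF):
        print(f'rootdn (line {root_line}) vs ACL dn (line {acl_line}): {diffs}')
```

Each reported pair is (text in rootdn, text in the ACL DN), so the two single-character differences show up directly.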