newbie question. Add SASL Auth.
- To: openldap-software@OpenLDAP.org
- Subject: newbie question. Add SASL Auth.
- From: Ilya Bassine <lanmot@cwrussia.ru>
- Date: Tue, 27 Aug 2002 18:40:10 +0400
- In-reply-to: <200208271833.42401.lanmot@cwrussia.ru>
- Organization: NOC Cable & Wireless
- References: <200208271833.42401.lanmot@cwrussia.ru>
- User-agent: KMail/1.4.1
On Tuesday 27 August 2002 18:33, Ilya Bassine wrote:
Hi!
My system is:
Slackware 8.1
Berkeley db-4.014
openldap-2.1.4 (./configure --prefix=/usr --localstatedir=/var/ldap
--sysconfdir=/etc --enable-crypt --enable-dinamic --enable-spasswd
--enable-modules --enable-bdb --enable-ldap --enable-passwd --enable-perl
--enable-shell --with-cyrus-sasl)
cyrus-sasl-2.1.7
(./configure --prefix=/usr --with-dbpath=/etc/sasldb2 --with-pwcheck
--disable-krb4 --with-dblib=berkeley --enable-digest --enable-plain
--disable-gssapi)
Reading the documentation I've obtained a working configuration of
OpenLDAP. Please find below slapd.conf and dump of test records....
If you need some more information, let me know I'll provide you with...
But I'd like to add a SASL auth (to store passwords in sasldb)
I've tried several configurations, but it doesn't work.
Especially the formation of the DN that should contain UID and AUTH,
AUTH-schema (like digest-md5) is not clear for me.
Could you please help or give a working example.... (just a short one)?
Thank you in advance.
Ilya
#/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
pidfile /var/ldap/slapd.pid
argsfile /var/ldap/slapd.args
loglevel -1
backend bdb
backend ldap
database bdb
suffix "o=My Organization,c=RU"
rootdn "cn=ldap_admin,o=My Organization,c=RU"
rootpw {SSHA}aoVneQqwyoOAHDx89s1AMl8bzqdBzsHU
directory /var/ldap/openldap-data
index objectClass eq
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=ldap_admin,o=My Organization,c=RU" write
by * none
access to *
by self write
by dn="cn=ldap_admin,o=My Organization,c=RU" write
by * read
#dump of
#ldapsearch -x -b 'o=My Organization,c=RU' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# filter: (objectclass=*)
# requesting: ALL
#
# My Organization, RU
dn: o=My Organization,c=RU
objectClass: organization
o: My Organization
description: My Organization
# ldap_admin, My Organization, RU
dn: cn=ldap_admin,o=My Organization,c=RU
objectClass: organizationalRole
cn: ldap_admin
# NOC, My Organization, RU
dn: ou=NOC,o=My Organization,c=RU
objectClass: organizationalUnit
ou: NOC
description: Network Operation Department
# FirstName1 LastName1, NOC, My Organization, RU
dn: cn=FirstName1 LastName1,ou=NOC,o=My Organization,c=RU
objectClass: inetOrgPerson
o: My Organization
ou: NOC
cn: FirstName1 LastName1
sn: LastName1
uid: uid1
postalAddress: Here is a Postal address
postalCode: Here is a Postal Code
telephoneNumber: +7 000 000000
mobile: +7 000 000000
mail: FirstName1.LastName1@myorg.ru
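As an added illustration (not part of the original message or of OpenLDAP's own code), the identity-mapping step the question asks about, emulated in Python: the SASL bind identity slapd forms as uid=<user>[,cn=<realm>],cn=<mech>,cn=auth, a regexp rule of the kind a slapd.conf sasl-regexp directive carries (the rule values and the in-memory copy of two entries from the dump above are constructed assumptions), and the search that must return exactly one entry for the mapping to succeed.

```python
import re
from urllib.parse import urlsplit

# Constructed copy of two entries from the LDIF dump (DN -> attribute values), not a live directory.
ENTRIES = {
    "cn=ldap_admin,o=My Organization,c=RU": {"cn": "ldap_admin"},
    "cn=FirstName1 LastName1,ou=NOC,o=My Organization,c=RU": {"cn": "FirstName1 LastName1", "uid": "uid1"},
}

# Assumed rule, as a slapd.conf line of the form
#   sasl-regexp "uid=([^,]+),cn=digest-md5,cn=auth" "ldap:///o=My Organization,c=RU??sub?(uid=$1)"
# would carry it: a pattern over the SASL identity and an LDAP URL template with $1.. placeholders.
SASL_REGEXP = (r"uid=([^,]+),cn=digest-md5,cn=auth", "ldap:///o=My Organization,c=RU??sub?(uid=$1)")


def sasl_auth_dn(username, mechanism, realm=None):
    """Identity derived from a SASL bind: uid=<user>[,cn=<realm>],cn=<mech>,cn=auth (lower-cased)."""
    parts = [f"uid={username}"]
    if realm:
        parts.append(f"cn={realm.lower()}")
    return ",".join(parts + [f"cn={mechanism.lower()}", "cn=auth"])


def apply_regexp(auth_dn, rule=SASL_REGEXP):
    """Rewrite the SASL identity into an LDAP URL, substituting capture groups for $1, $2, ..."""
    pattern, template = rule
    m = re.fullmatch(pattern, auth_dn, re.IGNORECASE)
    if m is None:
        return None  # no rule matched: slapd keeps the raw cn=auth identity, which matches no entry
    for i, group in enumerate(m.groups(), start=1):
        template = template.replace(f"${i}", group)
    return template


def search_url(url, entries=ENTRIES):
    """Evaluate ldap:///<base>?<attrs>?<scope>?<filter>; only a single equality filter is supported."""
    u = urlsplit(url)
    base = u.path.lstrip("/")
    _attrs, scope, flt = (u.query.split("?") + ["", ""])[:3]
    m = re.fullmatch(r"\((\w+)=([^)]*)\)", flt)
    if m is None:
        raise ValueError(f"unsupported filter: {flt!r}")
    attr, value = m.group(1), m.group(2)
    hits = []
    for dn, attrs in entries.items():
        in_scope = dn.lower() == base.lower() or (scope == "sub" and dn.lower().endswith("," + base.lower()))
        if in_scope and attrs.get(attr, "").lower() == value.lower():
            hits.append(dn)
    return hits


def map_sasl_identity(username, mechanism, realm=None):
    """Whole chain; the mapping is accepted only when the search yields exactly one entry."""
    url = apply_regexp(sasl_auth_dn(username, mechanism, realm))
    hits = search_url(url) if url else []
    return hits[0] if len(hits) == 1 else None
```

Because the pattern only allows uid=...,cn=digest-md5,cn=auth, a bind that carries a realm component (uid=uid1,cn=myorg.ru,cn=digest-md5,cn=auth) is not mapped; a rule that names the realm would be needed for that form.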