
newbie question. Add SASL Auth.



On Tuesday 27 August 2002 18:33, Ilya Bassine wrote:
 Hi!

My system is:
Slackware 8.1
Berkeley db-4.014
openldap-2.1.4 (./configure --prefix=/usr --localstatedir=/var/ldap
--sysconfdir=/etc --enable-crypt --enable-dinamic --enable-spasswd
--enable-modules --enable-bdb --enable-ldap --enable-passwd --enable-perl
--enable-shell --with-cyrus-sasl)
cyrus-sasl-2.1.7
 (./configure --prefix=/usr --with-dbpath=/etc/sasldb2 --with-pwcheck
--disable-krb4 --with-dblib=berkeley --enable-digest --enable-plain
--disable-gssapi)

 Reading the documentation I've obtained a working configuration of
 OpenLDAP. Please find below slapd.conf and dump of test records....
 If you need some more information, let me know I'll provide you with...
 But I'd like to add a SASL auth (to store passwords in sasldb)
 I've tried several configurations, but it doesn't work.
 Especially the formation of the DN that should contain UID and AUTH,
 AUTH-schema (like digest-md5) is not clear to me.

 Could you please help or give a working example.... (just a short one)?

 Thank you in advance.

Ilya

 #/etc/openldap/slapd.conf
 include         /etc/openldap/schema/core.schema
 include         /etc/openldap/schema/misc.schema
 include         /etc/openldap/schema/cosine.schema
 include         /etc/openldap/schema/inetorgperson.schema
 pidfile         /var/ldap/slapd.pid
 argsfile        /var/ldap/slapd.args
 loglevel 	-1
 backend 	bdb
 backend 	ldap
 database        bdb
 suffix          "o=My Organization,c=RU"
 rootdn        "cn=ldap_admin,o=My Organization,c=RU"
 rootpw	  {SSHA}aoVneQqwyoOAHDx89s1AMl8bzqdBzsHU
 directory    /var/ldap/openldap-data
 index   	objectClass     eq
 access to attr=userPassword
     by self write
     by anonymous auth
     by dn="cn=ldap_admin,o=My Organization,c=RU" write
     by * none
 access to *
     by self write
     by dn="cn=ldap_admin,o=My Organization,c=RU" write
     by * read

 #dump of
 #ldapsearch -x -b 'o=My Organization,c=RU' '(objectclass=*)'
 # extended LDIF
 #
 # LDAPv3
 # filter: (objectclass=*)
 # requesting: ALL
 #

 # My Organization, RU
 dn: o=My Organization,c=RU
 objectClass: organization
 o: My Organization
 description: My Organization

 # ldap_admin, My Organization, RU
 dn: cn=ldap_admin,o=My Organization,c=RU
 objectClass: organizationalRole
 cn: ldap_admin

 # NOC, My Organization, RU
 dn: ou=NOC,o=My Organization,c=RU
 objectClass: organizationalUnit
 ou: NOC
 description: Network Operation Department

 # FirstName1 LastName1, NOC, My Organization, RU
 dn: cn=FirstName1 LastName1,ou=NOC,o=My Organization,c=RU
 objectClass: inetOrgPerson
 o: My Organization
 ou: NOC
 cn: FirstName1 LastName1
 sn: LastName1
 uid: uid1
 postalAddress: Here is a Postal address
 postalCode: Here is a Postal Code
 telephoneNumber: +7 000 000000
 mobile: +7 000 000000
 mail: FirstName1.LastName1@myorg.ru