RE: OpenLdap authentication with SASL (CRAM-MD5 or DIGEST-MD5)
The "-D <dn>" option is irrelevant on a SASL bind. SASL uses usernames, not
DNs. For your example, use "-U admin" instead.
Also, your realm in sasldb is "merlin", but you set sasl-realm to "127.0.0.1"
in your slapd.conf. This will not work.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Raphaël Berghmans
> Hi,
>
>
> I'm trying to configure OpenLdap with SASL (CRAM-MD5 or DIGEST-MD5)
>
> I've done the following steps :
>
> Add user in sasldb : saslpasswd -c admin
>
> Executing the command 'sasldblistusers' :
>
> user: admin realm: merlin mech: CRAM-MD5
> user: admin realm: merlin mech: DIGEST-MD5
> user: admin realm: merlin mech: PLAIN
>
> Checking if OpenLDAP implements correctly the authentication method
> with : ldapsearch -H ldap:///127.0.0.1 -p389 -x -s base -LLL
> supportedSASLMechanisms
>
> Result:
>
> dn:
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: DIGEST-MD5
>
>
> Adding in my slapd.conf the following lines:
>
> sasl-host 127.0.0.1
> sasl-realm 127.0.0.1
>
> rootdn "uid=admin"
>
> But when I'm testing this configuration by adding a new entry in the
> directory, my configuration doesn't seem to be correct :
>
> ldapadd -f rber.ldif -D "cn=admin,dc=arafox,dc=be" -Y DIGEST-MD5
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Unknown error
>
>
> or
>
> ldapadd -f rber.ldif -D "cn=admin,dc=arafox,dc=be"
> SASL/CRAM-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Unknown error
> additional info: no secret in database
>
>
> Maybe I'm not using the correct options in the ldapadd or there is a
> problem between sasl and LDAP ?
>
> Could you please help me ?
>
> Raphaël
>
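
Why the realm mismatch pointed out in the reply breaks the bind, as an added Python example (not from the thread, and not OpenLDAP or Cyrus SASL code): under RFC 2831 the DIGEST-MD5 secret is H(user:realm:password), so a secret stored for realm "merlin" cannot be found or verified when the server looks under "127.0.0.1". `SecretStore` is a toy stand-in for sasldb, and the password, nonces and digest-uri are constructed values.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_secret(user: str, realm: str, password: str) -> bytes:
    # RFC 2831: the long-term secret is H(user:realm:password), so it is bound to the realm.
    return h(f"{user}:{realm}:{password}".encode())

def digest_response(secret: bytes, nonce: str, cnonce: str, uri: str,
                    nc: str = "00000001", qop: str = "auth") -> str:
    # RFC 2831 section 2.1.2.1 response value, without an authzid.
    ha1 = h(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = h(f"AUTHENTICATE:{uri}".encode()).hex()
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hex()

class SecretStore:
    # Toy stand-in for sasldb (assumption): one secret per (user, realm) pair.
    def __init__(self):
        self._db = {}

    def add(self, user, realm, password):
        self._db[(user, realm)] = digest_secret(user, realm, password)

    def lookup(self, user, realm):
        return self._db.get((user, realm))

def server_verify(store, user, server_realm, nonce, cnonce, uri, response):
    secret = store.lookup(user, server_realm)
    if secret is None:
        return "no secret in database"  # same text as the error quoted in the thread
    expected = digest_response(secret, nonce, cnonce, uri)
    return "ok" if hmac.compare_digest(expected, response) else "bad response"

# Constructed sample values, not taken from the thread.
PASSWORD, NONCE, CNONCE, URI = "constructed-pw", "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "ldap/127.0.0.1"

def bind(store, user, server_realm, password=PASSWORD):
    # The client answers for whatever realm the server advertises in its challenge.
    resp = digest_response(digest_secret(user, server_realm, password), NONCE, CNONCE, URI)
    return server_verify(store, user, server_realm, NONCE, CNONCE, URI, resp)

store = SecretStore()
store.add("admin", "merlin", PASSWORD)  # user admin, realm merlin, as in the sasldblistusers output

if __name__ == "__main__":
    print("sasl-realm 127.0.0.1 ->", bind(store, "admin", "127.0.0.1"))
    print("sasl-realm merlin    ->", bind(store, "admin", "merlin"))
```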