
RE: OpenLdap authentication with SASL (CRAM-MD5 or DIGEST-MD5)



The "-D <dn>" option is irrelevant on a SASL bind. SASL uses usernames, not
DNs. For your example, use "-U admin" instead.

Also, your realm in sasldb is "merlin", but you set sasl-realm to "127.0.0.1"
in your slapd.conf. This will not work.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Raphaël Berghmans

> Hi,
>
>
> I'm trying to configure OpenLdap with SASL (CRAM-MD5 or DIGEST-MD5)
>
> I've done the following steps :
>
> Add user in sasldb : saslpasswd -c admin
>
> Executing the command 'sasldblistusers' :
>
> user: admin realm: merlin mech: CRAM-MD5
> user: admin realm: merlin mech: DIGEST-MD5
> user: admin realm: merlin mech: PLAIN
>
> Checking if OpenLDAP implements correctly the authentication method
> with : ldapsearch -H ldap:///127.0.0.1 -p389 -x -s base -LLL
> supportedSASLMechanisms
>
> Result:
>
> dn:
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: DIGEST-MD5
>
>
> Adding in my slapd.conf the following lines:
>
> sasl-host       127.0.0.1
> sasl-realm      127.0.0.1
>
> rootdn "uid=admin"
>
> But when I'm testing this configuration by adding a new entry in the
> directory, my configuration doesn't seem to be correct :
>
> ldapadd -f rber.ldif -D "cn=admin,dc=arafox,dc=be"  -Y DIGEST-MD5
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Unknown error
>
>
> or
>
> ldapadd -f rber.ldif -D "cn=admin,dc=arafox,dc=be"
> SASL/CRAM-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Unknown error
> 	additional info: no secret in database
>
>
> Maybe I'm not using the correct options in the ldapadd or there is a
> problem between sasl and LDAP ?
>
> Could you please help me ?
>
> Raphaël
>
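
The two problems named in the reply (a DN passed with -D on a SASL bind, and a sasl-realm that differs from the realm stored in sasldb) can be checked mechanically. The following Python is an added example, not part of the original thread or of OpenLDAP; its function names are hypothetical and the sample inputs are constructed from the values quoted in the message above.

```python
import re
import shlex

# Constructed sample input, built from the values quoted in the thread.
SASLDB_LISTING = """\
user: admin realm: merlin mech: CRAM-MD5
user: admin realm: merlin mech: DIGEST-MD5
user: admin realm: merlin mech: PLAIN
"""
SLAPD_CONF = """\
sasl-host       127.0.0.1
sasl-realm      127.0.0.1
rootdn "uid=admin"
"""
LDAPADD_CMD = 'ldapadd -f rber.ldif -D "cn=admin,dc=arafox,dc=be" -Y DIGEST-MD5'

ENTRY = re.compile(r"user:\s*(\S+)\s+realm:\s*(\S+)\s+mech:\s*(\S+)")

def sasldb_realms(listing):
    """Map each user in sasldblistusers output to the realms it has secrets in."""
    realms = {}
    for user, realm, _mech in ENTRY.findall(listing):
        realms.setdefault(user, set()).add(realm)
    return realms

def slapd_directive(conf, name):
    """Return the value of a single-valued slapd.conf directive, or None."""
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.startswith("#") and parts[0].lower() == name:
            return parts[1].strip().strip('"')
    return None

def check(listing, conf, command):
    """Return findings for the two problems named in the reply."""
    findings = []
    args = shlex.split(command)
    user = args[args.index("-U") + 1] if "-U" in args else None
    # Without -x the OpenLDAP client tools perform a SASL bind.
    if "-x" not in args and "-D" in args and user is None:
        findings.append("SASL bind given -D but no -U: -D is irrelevant on a SASL bind")
    realm = slapd_directive(conf, "sasl-realm")
    for name, realms in sorted(sasldb_realms(listing).items()):
        if user in (None, name) and realm is not None and realm not in realms:
            findings.append(f"sasl-realm {realm!r} not among sasldb realms {sorted(realms)} for {name!r}")
    return findings

if __name__ == "__main__":
    for finding in check(SASLDB_LISTING, SLAPD_CONF, LDAPADD_CMD):
        print("WARN:", finding)
```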