SASL / DIGEST-MD5
Hello all
I'm trying to get DIGEST-MD5 working with passwords stored in the OpenLDAP
directory instead of sasldb2.
According to the doc, it is possible;
however, I get an error when I run this:
$ ldapsearch -Y DIGEST-MD5 -U francois -ZZ
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
additional info: SASL(-13): user not found: no secret in
database
and in the logs I got this kind of thing:
====> cache_find_entry_id( 4 )
"cn=francois,ou=people,dc=enatel,dc=local" (found) (1 tries)
[...]
=> access_allowed: search access to
"cn=francois,ou=people,dc=enatel,dc=local" "objectClass" requested
[...]
=> acl_mask: access to entry "cn=francois,ou=people,dc=enatel,dc=local",
attr "objectClass" requested
[...]
<= check a_dn_pat: self
<= check a_dn_pat: cn=root,dc=enatel,dc=local
<= check a_dn_pat: anonymous
<= acl_mask: [3] applying auth(=x) (stop)
<= acl_mask: [3] mask: auth(=x)
=> access_allowed: search access denied by auth(=x)
then a lookup in the sasldb2 file, then the error.
I have password-hash {CLEARTEXT} in slapd.conf, and the passwords are
cleartext (I checked).
Here are my ACLs:
access to dn=".*,ou=people,dc=enatel,dc=local"
by self write
by dn.base="cn=root,dc=enatel,dc=local" write
by * none
access to *
by dn.base="cn=root,dc=enatel,dc=local" write
by * none
I think they are too restrictive.
What is wrong?
Thanks,
Francois