[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL authentication, user not found

To: Karl Lattimer <k.lattimer@nnc-consultancy.co.uk>
Subject: RE: SASL authentication, user not found
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 22 Mar 2003 20:57:35 +0100
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <000001c2f09d$c1fa6720$0200a8c0@halflife>
Organization:
References: <000001c2f09d$c1fa6720$0200a8c0@halflife>

lør, 2003-03-22 kl. 19:06 skrev Karl Lattimer:

> With the SASL regexp set to (In reply to Tony Earnshaw);

Basically, I owe this all (and a lot more :) to Howard Chu anyway, so
always believe him first ... heh ...

> sasl-regexp
>         "uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth"
>         "uid=$1,ou=test,o=lsiab.lan"
> #       "ldap:///o=lsiab.lan??sub?=uid=$1";
> 
> The # is there because I've been trying both with every thing I've changed.

Well, mine works and I cheesed mine off Howard!

1: Basically, maintain a standard DIT, but keep all userPassword s in
cleartext if you are going to use MD5 (CRAM or DIGEST) SASL;

2: In slapd.conf, use (single line):

sasl-regexp
"uid=(.*),cn=LSiaB,cn=DIGEST-MD5,cn=auth" "ldap:///o=lsiab.lan??sub?=uid=$1";

3: Search with:

ldapsearch -Y DIGEST-MD5 -U whatever-you-have-as-bind-uid 'uid=uid-you-want-to-search-for*'

Instead of "uid=uid-you-want-to-search-for*", you can put your desired filter.

If it doesn't work then, they tell me there's a great future in the funeral
business, at the moment.

Best,

Tony

-- 

Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

Follow-Ups:
- RE: SASL authentication, user not found
  - From: "Karl Lattimer" <k.lattimer@nnc-consultancy.co.uk>
- RE: SASL authentication, user not found
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- RE: SASL authentication, user not found
  - From: "Karl Lattimer" <k.lattimer@nnc-consultancy.co.uk>

Prev by Date: RE: slapd-bdb cachesize
Next by Date: RE: SASL authentication, user not found
Index(es):
- Chronological
- Thread