[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL - Digest-MD5

To: Jason L W Lynn <jlwlynn@uab.edu>
Subject: Re: SASL - Digest-MD5
From: Edward Rudd <eddie@omegaware.com>
Date: 03 Jun 2003 12:09:21 -0500
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
In-reply-to: <1054655414.7794.24.camel@buck.lab.ac.uab.edu>
Organization:
References: <1054562828.29935.17.camel@buck.lab.ac.uab.edu> <1054652934.7751.16.camel@buck.lab.ac.uab.edu> <1054655414.7794.24.camel@buck.lab.ac.uab.edu>

OK

the SASL dn comes into the server like this

uid=jdoe,cn=enterprise.test.com,cn=digest-md5,cn=auth
(if you enable trace debugging in the server (loglevel 1) you'll see the
calls to the sasl-regexp )

so try changing your sasl-regexp line to this

sasl-regexp uid=(.*),cn=enterprise.test.com,cn=digest-md5,cn=auth
	uid=$1,ou=people,dc=enterprise,dc=test,dc=com

and see if it works.

On Tue, 2003-06-03 at 10:50, Jason L W Lynn wrote:
> DISREGARD last message.  By not specifying -H to the ldapsearch,
> ldapsearch took it upon itself (I guess) to query ldap.test.com instead
> of enterprise.test.com (basically) which happened to be an actual
> machine running LDAP, but did not support SASL.
> 
> New problem:
> For simple searches w/o authentication (-x) and by specifying '-H
> ldap://enterprise.test.com' the search works just fine.  Now, if I try
> an authenticated search :
> 
> ldapsearch -v -d -1 -H ldap://enterprise.test.com -U jdoe
> -Y digest-md5 -b 'dc=enterprise,dc=test,dc=com' '(objectClass=*)'
> 
> I am getting the following :
> 
> ldap_sasl_interactive_bind_s: Local error
> 
> This just seems to be getting worse and worse... :)
> 
> Thanks,
> 
> jason
> 
> 
> On Tue, 2003-06-03 at 10:08, Jason L W Lynn wrote:
> > Well, I believe I have gotten a little further.  When I perform a search
> > now, I get the following error(s):
> > 
> > SASL/DIGEST-MD5 authentication started
> > ldap_sasl_interactive_bind_s: Authentication method not supported
> >         additional info: SASL mechanism not supported
> > 
> > Any ideas on why I am getting this error?  I have the following in my
> > slapd.conf file :
> > 
> > sasl-regexp uid=(.*),cn=.*,cn=auth
> >             uid=$1,ou=people,dc=enterprise,dc=test,dc=com
> > password-hash {CLEARTEXT}
> > 
> > The users in LDAP take the following form :
> > uid=jdoe,ou=people,dc=enterprise,dc=test,dc=com.
> > 
> > The search is performed by : ldapsearch -U jdoe -Y digest-md5 -b
> > 'dc=enterprise,dc=test,dc=com' '(objectClass=*)'
> > 
> > Any help would be very much appreciated.  Thanks!
> > 
> > jason
> > 
> > On Mon, 2003-06-02 at 09:07, Jason L W Lynn wrote:
> > > Hello,
> > > 
> > > I'm trying to get SASL working with Digest-MD5.  I believe I have most
> > > everything set up correctly, but I keep getting the error (during a
> > > search) :
> > > 
> > > ldap_sasl_interactive_bind_s: Local error
> > > 
> > > Does this mean that I do not have the SASL entries mapped correctly to
> > > the LDAP entries?  Or does it mean something else alltogether?
> > > 
> > > Thanks,
-- 
Edward Rudd <eddie@omegaware.com>

References:
- SASL - Digest-MD5
  - From: Jason L W Lynn <jlwlynn@uab.edu>
- Re: SASL - Digest-MD5
  - From: Jason L W Lynn <jlwlynn@uab.edu>
- Re: SASL - Digest-MD5
  - From: Jason L W Lynn <jlwlynn@uab.edu>

Prev by Date: openldap2.0.23 does not work with eudora 5.2.1 , but works with netscape mail 7.0
Next by Date: How to test SSN
Index(es):
- Chronological
- Thread