[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re[2]: SASL MD5 - another try



Hello Dieter,

Wednesday, July 16, 2003, 6:11:26 PM, you wrote:

DK> Hi,

DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:

>> Hello openldap-software,
>>
>>   I'm still don't get it. Let's play it step by step.
>>
>>   1. Install Cyrus-SASL 2.1.13 with default options in configure (not me,
>>      it's port in FreeBSD).
>>   2. Install OpenLDAP 2.1.21 with --enable-sasl option in configure
>>      (also port).
>>   3. Configure slapd.conf and add proper sasl-regexp option.
>>   4. Get LDAP database filled.
>>   5. Then i'm trying to bind to LDAP with -Y DIGEST-MD5 and result same as before
>>      - logs are growing fast with "daemon: select timeout - yielding"
>>      entry. And that's all.
>>
>>   I dreaming to get some error that you people have - but i've got
>>   only that "select timeout" and nobody seems to know what is
>>   happening.
>>
>>   The questions are:
>>
>>   1. Is SASL really works with LDAP (stupid question? i don't think so)?
>>   2. Do i need to config SASL in some way?
>>   3. Do i need to compile ldapdb auxprop plugin for SASL?
>>   4. Can anyone if you have SASL & LDAP working together write some
>>      small step by step howto?

DK> You have to add users and password to sasldb.
DK> saslpasswd2 -a ldap -u <sasl-realm> -c <user>

    Huh? What for? According to
    http://www.openldap.org/doc/admin21/sasl.html

    Secret passwords are normally stored in Cyrus SASL's own sasldb database, but if
    OpenLDAP has been compiled with Cyrus SASL 2.1 it is possible to store the
    secrets in the LDAP database itself.

    That's what all this mess with SASL for. I need users and their
    passwords stored in LDAP (that's what i already have) and now i
    want DIGEST-MD5 authentication for some services (such
    Cyrus-IMAPD).

-- 
Best regards,
 Alexander                            mailto:lan_mailing@startatom.ru