
Re[2]: SASL MD5 - another try



Hello Dieter,

Thursday, July 17, 2003, 5:23:26 PM, you wrote:

DK> Hello Alexander,

DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:

>> Hello Dieter,
>>
>> Thursday, July 17, 2003, 3:31:03 PM, you wrote:
>>
>> DK> Hello Alexander,
>>
>> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>>
>>>> Hello Dieter,
>>>>
>>>> Thursday, July 17, 2003, 12:30:25 PM, you wrote:
>>>>
>>>> DK> Hi,
>>>>
>>>> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>>
>>>> DK> That is correct in principle :-)
>>>> DK> If you store your userid's and passwords in a directory instead of
>>>> DK> sasldb you have to configure sasl and your application (imapd) to look
>>>> DK> up the directory. But that is a sasl issue and not an openldap topic.
>>>>
>>>>     Look, I KNOW how to make apps work without MD5 but with LDAP, and
>>>>     I know how to make apps work with MD5 and without LDAP. In this
>>>>     doc they are telling me that it's OK to use SASL and LDAP -
>>>>     so I'm trying to make it work. And the point is not in the apps, if
>>>>     even ldapsearch doesn't work!
>>
>> DK> Just to prove that it works, I have moved my /etc/sasldb2 to
>> DK> /etc/sasldb2_bak, added a plaintext password to my entry, edited
>> DK> /usr/lib/sasl2/ldap.conf "pwcheck_method: ldap" (although I'm not sure
>> DK> whether this file is read by sasl at all). Here are the results:
>>
>> DK> -.-.-.-.-.-. userid in directory entry -.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> dieter@marin:~>> ldapwhoami -Y DIGEST-MD5
>> DK> SASL/DIGEST-MD5 authentication started
>> DK> Please enter your password: 
>> DK> SASL username: dieter
>> DK> SASL SSF: 128
>> DK> SASL installing layers
>> DK> dn:cn=dieter kluenter,ou=partner,o=avci,c=de
>> DK> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>>
>> DK> Please note SASL username:, which is without sasl-realm.
>>
>> DK> -.-.--.-.-.-.userid in sasldb2-.-.-.-.-.-.-.-.-.-.-.-.-
>> dieter@marin:~>> ldapwhoami -Y DIGEST-MD5
>> DK> SASL/DIGEST-MD5 authentication started
>> DK> Please enter your password: 
>> DK> SASL username: dieter@avci.de
>> DK> SASL SSF: 128
>> DK> SASL installing layers
>> DK> dn:cn=dieter kluenter,ou=partner,o=avci,c=de
>> DK> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>>
>> DK> Here SASL username: is with sasl-realm
>>
>>     What system do you use, what version of SASL/LDAP, what is in
>>     those configs (OpenLDAP and SASL)?
>>
>>     I'm still thinking that the problem is in FreeBSD.

DK> On my ldapserver I'm running SuSE-Linux-7.3, with OpenLDAP-2.1.19,
DK> cyrus-sasl-2.1.12, MIT Kerberos-1.2.6.
DK> AFAIK every application that uses sasl libraries for authentication
DK> purposes has to have a  /usr/lib/sasl(sasl2)/<application>.conf,
DK> except for cyrus-imap, which uses its own /etc/imapd.conf. For syntax
DK> of this configuration file see cyrus-sasl docs.

DK> Are you sure your saslRegexp are correctly set?

    I've already sent my config to the list, see earlier messages in this
    thread. Here is the regexp

sasl-regexp uid=(.*),cn=startatom.ru,cn=digest-md5,cn=auth
        uid=$1,none=33(10),ou=users,dc=startatom,dc=ru

    And the structure is

  dc=startatom,dc=ru
  |
  |-cn=root
  |-cn=admin
  |-cn=dialup-group
  |-cn=radprofile
  |-cn=replica
  |-ou=users
    |
    |-node=33(10)
    |    |
    |    |-uid=lan
    |    |-uid=test
    |    |-uid=...
    |-node=33(11)
         |
         |-uid=user1
         |-uid=user2
         |-uid=...

-- 
Best regards,
 Alexander                            mailto:lan_mailing@startatom.ru
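The mapping step discussed in this message, as an added example that is not part of the original post: a simplified Python model of how a SASL identity becomes an authentication DN of the form the posted sasl-regexp is written against, and how the rule rewrites it. The function names are hypothetical, Python's `re` stands in for slapd's regex engine, the realm `startatom.ru` for user `lan` is an assumption, and `TREE` is constructed from the posted structure.

```python
import re

def sasl_authc_dn(user, mech, realm=None):
    """Build uid=<user>[,cn=<realm>],cn=<mech>,cn=auth; realm is left out when the client sends none."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    return ",".join(parts + ["cn=" + mech.lower(), "cn=auth"])

def apply_sasl_regexp(rules, authc_dn):
    """Return the rewritten DN from the first matching rule, or None if no rule matches."""
    for pattern, replacement in rules:
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            # slapd writes backreferences as $1..$9; m.expand() expects \1..\9
            return m.expand(re.sub(r"\$(\d)", r"\\\1", replacement))
    return None

# Rule as posted in the message
RULES = [(r"uid=(.*),cn=startatom.ru,cn=digest-md5,cn=auth",
          "uid=$1,none=33(10),ou=users,dc=startatom,dc=ru")]

# Entries constructed from the posted tree (only the two named users)
TREE = {"uid=lan,node=33(10),ou=users,dc=startatom,dc=ru",
        "uid=test,node=33(10),ou=users,dc=startatom,dc=ru"}

def resolve(user, realm=None):
    """Return (authentication DN, mapped DN or None, mapped DN present in TREE)."""
    authc = sasl_authc_dn(user, "DIGEST-MD5", realm)
    mapped = apply_sasl_regexp(RULES, authc)
    return authc, mapped, mapped in TREE

if __name__ == "__main__":
    # With a realm the rule fires; without one (as in the "userid in
    # directory entry" run quoted above) the DN has no cn=<realm> part.
    for user, realm in [("lan", "startatom.ru"), ("lan", None)]:
        print(resolve(user, realm))
```

Comparing the mapped DN against the entries that actually exist is the useful check here: a rule can match and still produce a DN that names no entry.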