Re[2]: SASL MD5 - another try
Hello Dieter,
Thursday, July 17, 2003, 5:23:26 PM, you wrote:
DK> Hello Alexander,
DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>> Hello Dieter,
>>
>> Thursday, July 17, 2003, 3:31:03 PM, you wrote:
>>
>> DK> Hello Alexander,
>>
>> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>>
>>>> Hello Dieter,
>>>>
>>>> Thursday, July 17, 2003, 12:30:25 PM, you wrote:
>>>>
>>>> DK> Hi,
>>>>
>>>> DK> Alexander Lunyov <lan_mailing@startatom.ru> writes:
>>
>>>> DK> That is correct in principle :-)
>>>> DK> If you store your userid's and passwords in a directory instead of
>>>> DK> sasldb you have to configure sasl and your application (imapd) to look
>>>> DK> up the directory. But that is a sasl issue and not an openldap topic.
>>>>
>>>> Look, I KNOW how to make apps work without MD5 but with LDAP, and
>>>> I know how to make apps work with MD5 and without LDAP. In this
>>>> doc they are telling me that it's OK when you use SASL and LDAP -
>>>> so I'm trying to make it work. And the point is not in the apps, if
>>>> even ldapsearch doesn't work!
>>
>> DK> Just to prove that it works, I have moved my /etc/sasldb2 to
>> DK> /etc/sasldb2_bak, added a plaintext password to my entry, edited
>> DK> /usr/lib/sasl2/ldap.conf "pwcheck_method: ldap" (although I'm not sure
>> DK> whether this file is read by sasl at all). Here are the results:
>>
>> DK> -.-.-.-.-.-. userid in directory entry -.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> DK> dieter@marin:~> ldapwhoami -Y DIGEST-MD5
>> DK> SASL/DIGEST-MD5 authentication started
>> DK> Please enter your password:
>> DK> SASL username: dieter
>> DK> SASL SSF: 128
>> DK> SASL installing layers
>> DK> dn:cn=dieter kluenter,ou=partner,o=avci,c=de
>> DK> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>>
>> DK> Please note SASL username:, which is without sasl-realm.
>>
>> DK> -.-.--.-.-.-.userid in sasldb2-.-.-.-.-.-.-.-.-.-.-.-.-
>> DK> dieter@marin:~> ldapwhoami -Y DIGEST-MD5
>> DK> SASL/DIGEST-MD5 authentication started
>> DK> Please enter your password:
>> DK> SASL username: dieter@avci.de
>> DK> SASL SSF: 128
>> DK> SASL installing layers
>> DK> dn:cn=dieter kluenter,ou=partner,o=avci,c=de
>> DK> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>>
>> DK> Here SASL username: is with sasl-realm
>>
>> What system do you use, what version of SASL/LDAP, and what is in
>> those configs (OpenLDAP and SASL)?
>>
>> I still think that the problem is in FreeBSD.
DK> On my ldapserver I'm running SuSE-Linux-7.3, with OpenLDAP-2.1.19,
DK> cyrus-sasl-2.1.12, MIT Kerberos-1.2.6.
DK> AFAIK every application that uses sasl libraries for authentication
DK> purposes has to have a /usr/lib/sasl(sasl2)/<application>.conf,
DK> except for cyrus-imap, which uses its own /etc/imapd.conf. For syntax
DK> of this configuration file see cyrus-sasl docs.
DK> Are you sure your saslRegexp are correctly set?
I've already sent my config to the list, see earlier messages in this
thread. Here is the regexp:

sasl-regexp uid=(.*),cn=startatom.ru,cn=digest-md5,cn=auth
            uid=$1,none=33(10),ou=users,dc=startatom,dc=ru
And the structure is
dc=startatom,dc=ru
 |
 |-cn=root
 |-cn=admin
 |-cn=dialup-group
 |-cn=radprofile
 |-cn=replica
 |-ou=users
    |
    |-node=33(10)
    |  |
    |  |-uid=lan
    |  |-uid=test
    |  |-uid=...
    |-node=33(11)
       |
       |-uid=user1
       |-uid=user2
       |-uid=...
--
Best regards,
Alexander mailto:lan_mailing@startatom.ru
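
An added example, not part of the original message or of OpenLDAP: it applies the sasl-regexp rule quoted above to the authentication request DN that slapd builds for a DIGEST-MD5 bind, with and without a realm, and checks whether the mapped DN names an entry in the tree as drawn. Assumptions: the request DN form uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth, Python's re module standing in for slapd's case-insensitive POSIX regex, and the hypothetical helper names auth_dn, map_dn and check.

```python
import re

# slapd.conf directive exactly as posted in the message: pattern, then replacement.
PATTERN = r"uid=(.*),cn=startatom.ru,cn=digest-md5,cn=auth"
REPLACEMENT = "uid=$1,none=33(10),ou=users,dc=startatom,dc=ru"

# Entries under ou=users, constructed from the tree diagram in the message.
TREE = {
    "uid=lan,node=33(10),ou=users,dc=startatom,dc=ru",
    "uid=test,node=33(10),ou=users,dc=startatom,dc=ru",
    "uid=user1,node=33(11),ou=users,dc=startatom,dc=ru",
    "uid=user2,node=33(11),ou=users,dc=startatom,dc=ru",
}

def auth_dn(user, mech, realm=None):
    """Build the authentication request DN for a SASL bind (assumed form)."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)  # present only when the client sends a realm
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts).lower()

def map_dn(dn, pattern=PATTERN, replacement=REPLACEMENT):
    """Apply one sasl-regexp rule; return the rewritten DN, or None if no match."""
    m = re.search(pattern, dn, re.IGNORECASE)  # unanchored, like regexec()
    if m is None:
        return None
    # $1..$9 in the replacement refer to the pattern's capture groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)

def check(user, realm=None, replacement=REPLACEMENT):
    """Return (request DN, mapped DN, True if the mapped DN is an entry in TREE)."""
    dn = auth_dn(user, "DIGEST-MD5", realm)
    mapped = map_dn(dn, replacement=replacement)
    return dn, mapped, mapped is not None and mapped.lower() in TREE

if __name__ == "__main__":
    # With realm: the rule matches; without realm: no cn=startatom.ru, no match.
    for realm in ("startatom.ru", None):
        print(check("lan", realm))
```

With the rule as posted, a bind without a realm is not rewritten at all, and a bind with the realm is rewritten to a DN containing none=33(10), which is not an entry in the tree as drawn (its RDN there is node=33(10)).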