Re: Re[2]: SASL MD5 - another try
Hi Alexander,
On Fri, 2003-07-18 at 10:30, Alexander Lunyov wrote:
> Hello Dieter,
>
> Friday, July 18, 2003, 11:35:05 AM, you wrote:
>
> >> In sasl-regexp was a typo. And also uppercase of DIGEST-MD5. Now
> >> i have
> >>
> >> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> >> additional info: SASL(-13): user not found: no secret in
> >> database
> DK> Did you put the password in plaintext into the entry? Otherwise sasl
> DK> couldn't read it.
>
> Yes, i did. I'm using java LDAPBrowser by Jarek Gawor - it's
> plaintext.
>
> >> And with -d -1 in the log i don't see, that sasl-regexp are even
> >> touched - it something like searches for user in sasldb only, but
> >> that's not what i'm expecting :( All in vain :(
> DK> saslRegexp are loaded into cache when starting slapd, so you probably
> DK> would not see any debugging output. But you could use strace or
> DK> whatever you use on your system to follow system calls.
>
> Hmm... Maybe i should try it.
>
> >> Once again - now with SASL working - should i compile ldapdb
> >> auxprop plugin? The only thing i want is to get rid of sasldb and,
> >> as it said in Admin's Guide, store secrets in LDAP itself. Or
> >> should i somehow modify LDAP structure? Or should i do what?
> DK> auxprop is only used for auxiliary databases like mySQL or postgresql.
> DK> Quite frankly I'm a bit lost now, as it works fine for me, with
> DK> userid's and credentials either stored in sasldb or in openldap, and I
> DK> didn't do any specific modifications.
>
> Not only, there is auxprop plugin for LDAP, and i have to try it -
> i'll tell you if i fail or win in this case.
>
> >> How to store secrets in LDAP?
> DK> You may use ldappasswd, or create an *.ldif file, or use a graphical
> DK> tool like GQ or Ldapbrowser.
>
> No, i mean how to store SASL secrets in LDAP DB? Maybe i should do
> some configuration over SASL?
It just struck my mind, that your problem might be a sasl realm.
As default, sasl takes host.domain.tld as realm, unless defined
otherwise.
Could you test with the cyrus-sasl test suite, if the sasl
authentication string contains the sasl-realm you provide in your
saslRegexp?
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
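
Added example, not part of the original message: a small Python model of the realm mismatch suggested above, showing how a sasl-regexp rule behaves when the SASL identity carries a realm the rule does not expect. It assumes the authentication DN form `uid=<user>,cn=<realm>,cn=<mech>,cn=auth` and unanchored matching with `$1` substitution; Python's `re` only approximates slapd's POSIX regex, and the user, realms and target subtree are constructed values.

```python
import re

def authn_dn(user, mech, realm=None):
    """SASL authentication DN; the realm component is present only if one is sent."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech.lower(), "cn=auth"]
    return ",".join(parts)

def apply_sasl_regexp(rules, dn):
    """Return the DN produced by the first matching rule, or None if none match."""
    for pattern, replacement in rules:
        m = re.search(pattern, dn)  # unanchored, like a plain regexec() call
        if m:
            # The replacement template becomes the whole result; $N are captures.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None

# Constructed rules (hypothetical directory layout).
TARGET = "uid=$1,ou=people,dc=example,dc=com"
REALM_RULE = [(r"uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth", TARGET)]
GREEDY_RULE = [(r"uid=(.*),cn=digest-md5,cn=auth", TARGET)]

def demo():
    """Compare a rule written for one realm against identities with other realms."""
    expected = authn_dn("alex", "DIGEST-MD5", "example.com")
    fqdn = authn_dn("alex", "DIGEST-MD5", "host.example.com")  # host name as realm
    return {
        "realm matches rule": apply_sasl_regexp(REALM_RULE, expected),
        "realm is host FQDN": apply_sasl_regexp(REALM_RULE, fqdn),    # no mapping
        "greedy rule, FQDN": apply_sasl_regexp(GREEDY_RULE, fqdn),    # wrong DN
    }

if __name__ == "__main__":
    for case, mapped in demo().items():
        print(f"{case:20} -> {mapped}")
```

When the rule does not match, or a greedy `(.*)` swallows the realm into the user name, the identity is never mapped to the real entry, which is one way the lookup can end without finding the stored secret.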