RE: Re[4]: cyrus-sasl-2.1.15 and openldap-2.1.22 on FreeBSD 4.8 Release
Hi Alexander,
I have read again the section on Using SASL in the OpenLDAP 2.1
Administrator's Guide. As a test I have re-created the structure exactly
as SASL wants, i.e. dn: uid=shunsley, cn=mail.widget.com, cn=digest-md5,
cn=auth and just to be sure dn: uid=shunsley, cn=digest-md5, cn=auth. By
doing this I guess I won't need the sasl-regexp statement anymore, so I
have then removed all sasl statements from my slapd.conf file so it is very
basic. However I still get exactly the same result.
Many thanks,
Shane
> -----Original Message-----
> From: Alexander Lunyov [mailto:lan_mailing@startatom.ru]
> Sent: 29 July 2003 16:37
> To: Shane Hunsley
> Cc: openldap-software@OpenLDAP.org
> Subject: Re[4]: cyrus-sasl-2.1.15 and openldap-2.1.22 on
> FreeBSD 4.8 Release
>
>
> Hello Shane,
>
> Tuesday, July 29, 2003, 7:18:58 PM, you wrote:
>
> SH> No white space at the end of the line.
>
> You mean, no whitespace at the BEGINNING of line?
>
> SH> Below is the LDIF file used to
> SH> create the structure. Could you post your slapd.conf file please.
> SH> What does your ldap.conf file look like?
>
> /usr/local/etc/openldap/ldap.conf:
> ================================
> BASE dc=startatom,dc=ru
> URI ldap://icarus.startatom.ru
> ================================
>
> best part of /usr/local/etc/openldap/slapd.conf:
> ================================
> sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
> ldap:///ou=users,dc=startatom,dc=ru??sub?(uid=$1)
>
> password-hash {CLEARTEXT}
> ================================
>
> SASL auth:
> ================================
> icarus# ldapwhoami -U lan -Y DIGEST-MD5
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> SASL username: lan
> SASL SSF: 128
> SASL installing layers
> dn:uid=lan,node=33(10),ou=users,dc=startatom,dc=ru
> ================================
>
>
> SH> dn: cn=Manager
> SH> cn: Manager
> SH> description: Directory Manager
> SH> uid: manager
> SH> objectClass: top
> SH> objectClass: person
> SH> objectClass: organizationalPerson
> SH> objectClass: inetOrgPerson
> SH> sn: Manager
>
> SH> dn: dc=widget.com
> SH> dc: widget.com
> SH> o: Widget
> SH> objectClass: dcObject
> SH> objectClass: organization
>
> SH> dn: ou=user, dc=widget.com
> SH> objectClass: organizationalUnit
> SH> ou: User
>
> SH> dn: ou=group, dc=widget.com
> SH> objectClass: organizationalUnit
> SH> ou: Group
>
> SH> dn: cn=Everyone, ou=group, dc=widget.com
> SH> cn: Everyone
> SH> mail: everyone@widget.com
> SH> member: cn=Shane Hunsley, ou=user, dc=widget.com
> SH> objectClass: group
> SH> objectClass: top
>
> SH> dn: uid=shunsley, ou=user, dc=widget.com
> SH> cn: Shane Hunsley
> SH> givenName: Shane
> SH> l: Hull
> SH> uid: shunsley
> SH> mail: shane.hunsley@widget.com
> SH> o: Widget
> SH> objectClass: top
> SH> objectClass: person
> SH> objectClass: organizationalPerson
> SH> objectClass: inetOrgPerson
> SH> ou: IT
> SH> sn: Hunsley
> SH> telephoneNumber: 230
>
> SH> Many thanks,
>
> SH> Shane
>
> >> -----Original Message-----
> >> From: Alexander Lunyov [mailto:lan_mailing@startatom.ru]
> >> Sent: 29 July 2003 15:55
> >> To: Shane Hunsley
> >> Subject: Re[2]: cyrus-sasl-2.1.15 and openldap-2.1.22 on
> >> FreeBSD 4.8 Release
> >>
> >>
> >> Hello Shane,
> >>
> >> Tuesday, July 29, 2003, 6:33:07 PM, you wrote:
> >>
> >> Yes, i have exactly same software that you have. And i had the same
> >> problem, then it's gone by just tuning slapd.conf. Are you sure you
> >> have no whitespace before second line of sasl-regexp? And what is
> >> your LDAP structure?
> >>
> >>
> >> SH> Thanks for your very quick answer. I tried as you suggested but got
> >> SH> exactly the same. Are you experiencing the same problem? Are you
> >> SH> using FreeBSD?
> >>
> >> SH> Many thanks,
> >>
> >> SH> Shane
> >>
> >> >> -----Original Message-----
> >> >> From: owner-openldap-software@OpenLDAP.org
> >> >> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of
> >> >> Alexander Lunyov
> >> >> Sent: 29 July 2003 15:12
> >> >> To: openldap-software@OpenLDAP.org
> >> >> Subject: Re: cyrus-sasl-2.1.15 and openldap-2.1.22 on FreeBSD
> >> >> 4.8 Release
> >> >>
> >> >>
> >> >> Hello Shane,
> >> >>
> >> >> Tuesday, July 29, 2003, 5:33:31 PM, you wrote:
> >> >>
> >> >> SH> I'm trying to get cyrus-sasl-2.1.15 and openldap-2.1.22 to
> >> >> SH> work together on FreeBSD 4.8 Release. OpenLDAP works without a problem
> >> >> SH> but if I try to authenticate using SASL it appears to hang rather
> >> >> SH> than prompting me for a password. I added the line WITH-SASL=yes to
> >> >> SH> the Makefile to get the FreeBSD port to compile with SASL support.
> >> >> SH> What am I doing wrong?
> >> >>
> >> >> SH> command
> >> >> SH> #============begin==================
> >> >> SH> mail# ldapsearch -U shunsley
> >> >> SH> SASL/DIGEST-MD5 authentication started
> >> >>
> >> >> SH> #=============end===================================
> >> >>
> >> >>
> >> >> SH> sasl-regexp uid=(.*),cn=mail.widget.com,cn=DIGEST-MD5,cn=auth
> >> >> SH> uid=$1,ou=user,dc=widget.com
> >> >>
> >> >> It was same with me. Try to put
> >> >>
> >> >> sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth
> >> >> uid=$1,ou=user,dc=widget.com
> >> >>
> >> >> And don't forget to put whitespace before second line of regexp
> >> >> (uid=$1...).
> >> >>
> >> >> --
> >> >> Best regards,
> >> >> Alexander mailto:lan_mailing@startatom.ru
> >> >>
> >> >>
> >>
> >>
> >>
> >>
> >> --
> >> Best regards,
> >>
> >> Alexander mailto:lan_mailing@startatom.ru
> >>
> >>
>
>
>
>
> --
> Best regards,
>
> Alexander mailto:lan_mailing@startatom.ru
>
>
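
The two `sasl-regexp` rules quoted in this thread, applied to the two authentication DN forms Shane lists (with and without the `cn=mail.widget.com` realm component), as an added example that is not part of the original messages. It is a simplified Python model, not slapd code: it assumes matching is case-insensitive and unanchored, and `STRICT_RULE` is a hypothetical tightened pattern written for this illustration.

```python
import re

def map_authc_dn(authc_dn, rules):
    """Rewrite a SASL authentication DN using the first matching rule.

    Each rule is (pattern, replacement); $1..$9 in the replacement are
    filled from the capture groups. With no match the DN is returned
    unchanged, so the bind identity stays under cn=auth.
    """
    for pattern, replacement in rules:
        m = re.search(pattern, authc_dn, re.IGNORECASE)  # assumed semantics
        if m:
            return re.sub(r"\$(\d)", lambda r: m.group(int(r.group(1))),
                          replacement)
    return authc_dn

# Authentication DNs as written in Shane's message (spaces removed).
WITH_REALM = "uid=shunsley,cn=mail.widget.com,cn=digest-md5,cn=auth"
NO_REALM = "uid=shunsley,cn=digest-md5,cn=auth"

TARGET = "uid=$1,ou=user,dc=widget.com"

# Shane's original rule: requires the realm component.
SHANE_RULE = [(r"uid=(.*),cn=mail.widget.com,cn=DIGEST-MD5,cn=auth", TARGET)]
# Alexander's suggestion: realm component dropped, greedy capture kept.
ALEX_RULE = [(r"uid=(.*),cn=DIGEST-MD5,cn=auth", TARGET)]
# Hypothetical tightened rule: anchored, capture stops at the first comma,
# realm component optional.
STRICT_RULE = [(r"^uid=([^,]*),(cn=[^,]*,)?cn=DIGEST-MD5,cn=auth$", TARGET)]

if __name__ == "__main__":
    for name, rules in (("shane", SHANE_RULE), ("alex", ALEX_RULE),
                        ("strict", STRICT_RULE)):
        for dn in (WITH_REALM, NO_REALM):
            print(f"{name:6} {dn} -> {map_authc_dn(dn, rules)}")
```

In this model the greedy `(.*)` in the realm-less rule swallows the realm when one is present, producing `uid=shunsley,cn=mail.widget.com,ou=user,dc=widget.com`, a DN that does not exist in the LDIF above. Running `ldapwhoami -U <user> -Y DIGEST-MD5`, as in Alexander's transcript, shows the DN the server actually mapped to.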