[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: SASL MD5 database setting?
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kent Soper
> I have my slapd.conf complete with sasl-regexp's. Is there a
> setting or
> special usage to make SASL search LDAP over sasldb for secrets?
slapd will always perform the internal search first, in addition to anything
else.
>
> When I perform a ldapsearch the server output shows the dn is
> mapped to a valid entry in the directory.
I find this hard to believe; your sasl-regexp is invalid.
> However the process is trying
> to find the
> entry in sasldb and not in my LDAP directory. The error is:
Yes, it always will try all possible sources unless you create a SASL config
file telling it not to like so:
/usr/lib/sasl2/slapd.conf:
auxprop_plugin: slapd
>
> ldap_sasl_interactive_bind_s: Internal (implementation
> specific) error
> (80)
> additional info: SASL (-13): user not found: no
> secret in database
This means the user was not found in *any* database, not just sasldb.
> my sasl-regexp:
> sasl-regexp "uid=(.*),cn=cram-md5,cn=auth"
> "ldaps:///dc=myserver,dc=com??sub?cn=$1,cn=my system"
The search filter in the LDAP URI is incorrect. The use of "ldaps:" for the
scheme specifier is accepted but pointless; since the lookups are done by
internal searches there is no protocol mechanism involved. Just use
"ldap:///"; for consistency's sake, please.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support