[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re[4]: Problems with SASL & openLDAP

To: openldap-software@OpenLDAP.org
Subject: Re[4]: Problems with SASL & openLDAP
From: Alexander Lunyov <lan_mailing@startatom.ru>
Date: Tue, 19 Aug 2003 21:48:20 +0400
In-reply-to: <OF2E5E7C1C.58815513-ON87256D87.005C139B-86256D87.005CF4B8@us.ibm.com>
Organization: PO Start
References: <OF2E5E7C1C.58815513-ON87256D87.005C139B-86256D87.005CF4B8@us.ibm.com>

Hello Kent,

Tuesday, August 19, 2003, 8:56:15 PM, you wrote:





KS> Hi Alexander,

>> KS> First, run a "ldapwhoami -Y digest-md5" to see the form of the SASL
KS> auth
>> KS> DN.  No, 'digest-md5' does not need to be in caps.
>>
>> KS> might work:
>> KS> //with a realm ...
>> KS> sasl-regexp
>> KS>       uid=(.*),cn=.*,cn=digest-md5,cn=auth
>> KS>       ldap:///ou=MemberGroupA,dc=example,dc=com??sub?(uid=$1)

>> KS> //without a realm ...
>> KS> sasl-regexp
>> KS>       uid=(.*),cn=digest-md5,cn=auth
>> KS>       ldap:///ou=MemberGroupA,dc=example,dc=com??sub?(uid=$1)
>>
>>       You have to put mech in uppercase here, cn=DIGEST-MD5, or it
>>       won't work.
KS> That's strange.  The SASL auth DN is normalized to lower case according to
KS> my slapd debug output.  Does the output of the ldapwhoami command contains
KS> uppercase too?

    Ooops, it works even in lc :) Sorry :)




-- 
Best regards,
 Alexander                            mailto:lan_mailing@startatom.ru

References:
- Re: Re[2]: Problems with SASL & openLDAP
  - From: Kent Soper <dksoper@us.ibm.com>

Prev by Date: WA catalog issue
Next by Date: Openldap vs. IBM Directory Server
Index(es):
- Chronological
- Thread