
Re: How to configure openLDAP with SASL Digest-MD5



--- Tony Earnshaw <tonye@billy.demon.nl> wrote:
> man, 09.02.2004 kl. 09.33 skrev Lara Adianto:
> 
> > I have openLDAP-2.1.25 with simple authentication
> > (without SSL/TLS) works fine on my machine RedHat
> > Linux 9.0 kernel 2.4.20-8.
> 
> *Thanks* (sigh of relief) for giving OS and distro
> details :) I don't
> have to slag you off or ignore you ...
> 
> > I'm now trying to incorporate the SASL Digest-MD5
> > authentication on it. I have followed the 'SASL
> > Configuration: Digest-MD5' guide from LDAP Linux HOWTO
> > but still can't get it right.
> 
> To begin with, setting up SASL with Openldap 2.1/2.2
> is a wretch. After
> a while, you get used to the train of thought, and
> it becomes second
> nature. Though it becomes worse when you have to
> arrange for a Cyrus
> SASL auxprop *proxy* SASL user - for Postfix smtp
> AUTH, for example.
> 
> [...]
> 
> > While the server is installed with the following
> > configuration:
> > # CPPFLAGS="-I/usr/local/include"
> > LDFLAGS="-L/usr/local/lib" ./configure --prefix=/usr
> > --libexecdir=/usr/sbin --sysconfdir=/etc
> > --localstatedir=/var/run --enable-debug --disable-ipv6
> > --with-cyrus-sasl --without-kerberos --without-tls
> > --enable-crypt --enable-passwd --enable-ldbm
> 
> This is your privilege. If I'm compiling anything
> that might conflict
> with standard Ma RedHat, it goes into /usr/local,
> will he, nil he. Then
> I can point specific compiles at my own stuff,
> without conflicting with
> RH.
> 
> > I have successfully created the sasl user database
> > using 'saslpasswd2 -c admin' command.
> 
> The point about Openldap 2.1 SASL is, that you don't
> make any use of the
> Cyrus saslauthd or saslpasswd?. Everything is done
> within Openldap.
> 
> [...]
> 
> > sasl-regexp uid=(.*),cn=rdnt03,cn=DIGEST-MD5,cn=auth
> > uid=$1,ou=People,o=Ever
> 
> Don't look right to me. If you want DIGEST-MD5, try:
> 
> sasl-regexp uid=(.*),cn=digest-md5,cn=auth "ldap:///ou=People,o=Ever??sub?uid=$1";
> 
> Why? Because that's the standard way of Openldap
> SASL mapping. And that
> way, you short-circuit the whole extraneous Cyrus
> SASL authentication
> mechanism, whilst still using the SASL2 libraries.

Yes, I get what you mean, but it still doesn't explain
the following problem:

# sasldblistusers2
db failure
listusers failed

# slapcat
Unrecognized database type (dbm)
slapcat: bad configuration file!

- Lara -

=====
--------------------------------------------------------------------- 
Believe in miracles, but don't depend upon them 
----------------------------------------------------------------------
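The two sasl-regexp rules discussed in the thread differ in whether they expect a realm component (cn=rdnt03) in the SASL authentication DN. The script below is an added example, not part of this thread or of OpenLDAP, that models how such rules are evaluated (first matching rule wins, $1 substituted, result is either a DN or an ldap:/// search URL) and then splits the resulting URL into the search slapd would run. It assumes whole-DN, case-insensitive matching, which is a simplification of slapd's own normalisation.

```python
import re
from urllib.parse import unquote

# Constructed rule table modelled on the two sasl-regexp lines in the thread.
# Assumption (simplified slapd behaviour): rules are tried in order, the first
# full match wins, $N is replaced by the captured group, and the result is
# either a plain DN or an ldap:///base?attrs?scope?filter search URL.
RULES = [
    # Lara's rule: expects the realm component cn=rdnt03 in the auth DN
    (r"uid=(.*),cn=rdnt03,cn=DIGEST-MD5,cn=auth", "uid=$1,ou=People,o=Ever"),
    # Tony's suggested rule: no realm component, maps to a subtree search URL
    (r"uid=(.*),cn=digest-md5,cn=auth", "ldap:///ou=People,o=Ever??sub?uid=$1"),
]


def map_auth_dn(auth_dn, rules=RULES):
    """Return the mapped DN or URL for a SASL auth DN, or None if no rule matches."""
    for pattern, template in rules:
        # Assumption: the auth DN is matched in full and case-insensitively.
        m = re.fullmatch(pattern, auth_dn, flags=re.IGNORECASE)
        if m:
            # Substitute $1, $2, ... with the captured groups (no re-interpretation
            # of special characters in the captured text).
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), template)
    return None


def parse_ldap_url(url):
    """Split an ldap:///base?attrs?scope?filter URL into the search slapd performs."""
    if not url.lower().startswith("ldap:///"):
        return None
    parts = url[len("ldap:///"):].split("?")
    parts += [""] * (4 - len(parts))          # missing trailing fields are empty
    base, _attrs, scope, filt = (unquote(p) for p in parts[:4])
    return {"base": base, "scope": scope or "base", "filter": filt or "(objectClass=*)"}


if __name__ == "__main__":
    for dn in ("uid=admin,cn=rdnt03,cn=DIGEST-MD5,cn=auth",
               "uid=admin,cn=digest-md5,cn=auth",
               "uid=admin,cn=gssapi,cn=auth"):
        print(dn, "->", map_auth_dn(dn))
    # Greedy (.*) in the realm-less rule swallows a realm component if one is
    # present, producing a wrong search filter; rule order and anchoring matter.
    print(map_auth_dn("uid=admin,cn=rdnt03,cn=DIGEST-MD5,cn=auth", rules=RULES[1:]))
```

Running it shows the realm-carrying DN matched by Lara's rule, the realm-less DN matched by Tony's, and, with only the realm-less rule installed, the realm leaking into the uid filter.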