Hi Howard,

I followed your suggestion but that's what I got after running ldapsearch:

1.
[root@LDAPMaster etc]# ldapsearch -Y digest-md5 -b "o=Organization" -D "uid=CO,ou=Operator,o=Organization"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: client response doesn't match what we generated

2.
[root@LDAPMaster etc]# ldapsearch -Y digest-md5 -D "uid=CO,cn=digest-md5,cn=auth"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: client response doesn't match what we generated

In 1. and 2. I inserted CO_PWD as password-string according to my ldif file which contains the following entry:

dn: uid=CO, ou=Operator, o=Organization
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Organization Commander
sn: CO
uid: CO
userPassword: CO_PWD
displayName: commander
description: Organization commander

So, what's wrong? How can I use the secret stored in LDAP directory instead of using secret stored in sasl db?

Many thanks for your attention.

Giampaolo

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org]
Sent: Thursday, 8 April 2004 15:34
To: owner-openldap-software@OpenLDAP.org; openldap-software@OpenLDAP.org
Subject: RE: How the password stored in SASL db can be related to the userPassword attribute of an entry of the directory?

http://www.openldap.org/doc/admin22/sasl.html

Quoting from the above page, section 10.2.3:

>>>
To use secrets stored in the LDAP directory, place plaintext passwords in the userPassword attribute. It will be necessary to add an option to slapd.conf to make sure that passwords changed through LDAP are stored in plaintext:

    password-hash {CLEARTEXT}

Passwords stored in this way can be managed either with ldappasswd or by simply modifying the userPassword attribute
<<<

Set the userPassword attribute to the user's password. That's all.

--
  Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org]
> Sent: Thursday, April 08, 2004 5:56 AM
> To: openldap-software@OpenLDAP.org
> Subject: How the password stored in SASL db can be related to the userPassword attribute of an entry of the directory?
>
> Hello everyone,
>
> first I would like to say thank you to Howard Chu because the Replication problems via digest-md5 are resolved and my system works very well!!
>
> Now I have a new issue to solve. How can I synchronize both the passwords stored in the SASL db and in the Berkeley db (bdb)? I would like to refer to a unique password for a user. I would like to modify the userpassword of both the db with ldapmodify. I would like that this modification could be propagated from the master to the slave via digest-md5 replication. Should I put some new instruction into the ldif file or what else?
> I tried userPassword: {SASL} in my ldif file but it didn't work.
> Manual says that with cyrus-sasl 2.1 it is possible to store sasl secret in the ldap directory. But it doesn't say how!
>
> Again, I need help.
>
> Anybody know the problem?
>
> Many thanks.
>
> Giampaolo
>
> _______________________________
> Giampaolo Rossi
> DATAMAT S.p.A.
> Defence Space & Environment Division
> Via Laurentina 760
> 00143 Rome (Italy)
> Tel. +39 065027.2571
> Fax. +39 065027.2125
>
> http://www.datamat.it
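The slapd.conf setup that the admin-guide passage Howard quotes is describing, written out as an added example (not part of this thread and not the OpenLDAP project's own text). It reuses the o=Organization tree and the uid=CO entry from the messages above; the sasl-regexp mapping and the userPassword ACL are my additions, and the value of o=Organization as the search base is an assumption.

```conf
# slapd.conf fragment (constructed example; o=Organization and uid=CO come
# from this thread, the rest is assumed)

# 1. DIGEST-MD5 requires the server to know the cleartext secret, so passwords
#    changed through the LDAP Password Modify operation (ldappasswd) must be
#    stored unhashed. Values written directly with ldapadd/ldapmodify, such as
#    "userPassword: CO_PWD" in the ldif above, are stored exactly as given;
#    this directive does not convert values that are already hashed.
password-hash {CLEARTEXT}

# 2. slapd derives the SASL authentication identity from the mechanism and the
#    authcid the client supplies (ldapsearch -U), in the form
#        uid=<authcid>,cn=digest-md5,cn=auth
#    (cn=<realm> is inserted before cn=digest-md5 when a realm is in use).
#    That identity is not an entry in the directory; sasl-regexp (spelled
#    authz-regexp in later releases) maps it to the DN whose userPassword
#    slapd reads for the DIGEST-MD5 computation. Without a mapping no secret
#    is found and the bind fails with "Invalid credentials (49)".
sasl-regexp
    uid=([^,]*),cn=digest-md5,cn=auth
    ldap:///o=Organization??sub?(uid=$1)

# 3. Cleartext secrets make the ACL on userPassword essential: the user may
#    change it, anyone may authenticate against it, nobody may read it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
```

With this in place the bind is tested with the SASL authentication identity rather than a bind DN: `ldapsearch -Y DIGEST-MD5 -U CO -b "o=Organization"`. The -D option names the DN for a simple bind; for a SASL bind the authcid is given with -U, and the search filter in the regexp must match exactly one entry for the mapping to succeed. A quick check that the stored secret is in the form DIGEST-MD5 needs is to read the attribute as the rootdn: `ldapsearch -x -D "<rootdn>" -W -b "uid=CO,ou=Operator,o=Organization" userPassword` should return the plain value, not an {SSHA} or {MD5} string.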