You probably should not use -D <DN> with SASL binds, and if you give a SASL name you have to make sure it is converted properly to a DN you have in your DIT. It is all in the Administration Guide.

Hi Howard,
I followed your suggestion but that's what I got after running ldapsearch
1.
    [root@LDAPMaster etc]# ldapsearch -Y digest-md5 -b "o=Organization" -D "uid=CO,ou=Operator,o=Organization"
    SASL/DIGEST-MD5 authentication started
    Please enter your password:
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): authentication failure: client response doesn't match what we generated
In 1. and 2. I inserted CO_PWD as password-string according to my ldif file, which contains the following entry:

    dn: uid=CO, ou=Operator, o=Organization
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    cn: Organization Commander
    sn: CO
    uid: CO
    userPassword: CO_PWD
Not sure, but don't you need {CLEARTEXT}CO_PWD?
SASL uses a backend for storing secrets; sasldb is the most common. You have to compile ldapdb from the openldap /contrib directory with your SASL package and set up proxy authentication. Read the Admin Guide and Tony Earnshaw's writeup at http://www.billy.demon.nl/Postfix-SASL-authentication.html; it helped me a lot.

One note to the above:

    displayName: commander
    description: Organization commander
So, what's wrong?
How can I use the secret stored in the LDAP directory instead of using the secret stored in sasldb?
greetings Paul
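An added example, not from this thread or from the OpenLDAP project: a slapd.conf fragment showing the two things a DIGEST-MD5 bind against slapd itself needs, the SASL identity mapped onto the DIT entry and the entry's userPassword held in cleartext, so that the secret comes from the directory rather than from sasldb. The suffix and the ou=Operator branch are assumed from the thread; the regexp pattern is the standard form from the Administration Guide.

```conf
# slapd.conf fragment (added example; suffix/branch taken from the thread)

# A DIGEST-MD5 bind for SASL user "CO" reaches slapd as the authentication DN
#   uid=CO,cn=digest-md5,cn=auth
# not as the DIT entry, so -D <DN> is not what identifies the user.
# Map that SASL DN onto the real entry; $1 is the captured uid.
authz-regexp
    "^uid=([^,]+),cn=digest-md5,cn=auth$"
    "uid=$1,ou=Operator,o=Organization"

# DIGEST-MD5 is a challenge/response mechanism: slapd has to read the plain
# secret to verify the client's response, so the mapped entry's userPassword
# must be stored in cleartext (no {SSHA}/{MD5} hashing). With the mapping and
# a cleartext userPassword in place, slapd takes the secret from the DIT and
# no sasldb entry is needed.
#
# Verify the mapping with the SASL identity (-U), without -D:
#   ldapwhoami -Y DIGEST-MD5 -U CO
# which should answer:  dn:uid=CO,ou=Operator,o=Organization
```

If ldapwhoami still answers with the uid=CO,cn=digest-md5,cn=auth form, the regexp did not match and the bind is being evaluated against a DN that has no userPassword at all.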