RE:

["Ben Booble" <oneoutof100@hotmail.com>]

Hi List,

Further to this I have recompiled and re-installed openldap-2.1.25 with 
these options as per one solution offered in the message lists.

CFLAGS ="-I/usr/local/BerkeleyDB.4.2/include -I/usr/lib/sasl2" 
LDFLAGS="-L/usr/local/BerkeleyDB.4.2/lib -L/usr/lib/sasl2" ./configure 
--prefix=/usr/local/openldap-2.1.25 --sysconfdir=/etc --enable-debug 
--enable-syslog --with-cyrus-sasl --with-threads --with-tls --enable-slapd 
--enable-cleartext --enable-spasswd --enable-rewrite --enable-wrappers 
--enable-bdb --enable-slurpd

same result I'm afraid.  Also I set this in the slapd.conf ACL
access to * by * write

and no change.

Please help.

Thanks


> From: "Ben Booble" <oneoutof100@hotmail.com>
> To: OpenLDAP-software@OpenLDAP.org
> Date: Fri, 30 Apr 2004 01:58:53 +0000
>
> Hi List,
> I have been going through the very good http://www.billy.demon.nl/ guide 
> for postfix sasl ldap howto but have run into a problem.
>
> I am running openldap-2.1.25, cryus-sasl-2.1.17, redhat ES3.  I have 
> compiled and install ldapdb.c according to the readme.  In the guide 
> mentioned above to test the success of the installation you submit this 
> command..
>
> ldapwhoami -Y digest-md5 -U proxyuser -X u:username -H ldap://servername
>
> and the result should be dn:uid=username,ou=people,dc=... showing you can 
> authenticate as the username.
> I gather it is something to do with either ACLs or if not that something 
> else.  Can someone please look at below and give me a pointer?
>
> My result is: ldap_sasl_interactive_bind_s: Insufficient access (50)
>
> additional info: SASL(-14): authorization failure: not authorized
>
> slapd.log....
>
> slap_parseURI: parsing dn.regex:uid=.*,ou=people,dc=cpc
> > > > dnNormalize: <dn.regex:uid=.*,ou=people,dc=cpc>
> <===slap_sasl_match: comparison returned 21
> <==slap_sasl_check_authz: saslAuthzTo check returning 48
> <== slap_sasl_authorized: return 48
> SASL Authorize [conn=6]:  authorization disallowed (48)
> SASL [conn=6] Failure: not authorized
>
> slapd.conf ACL
> access to dn=".*,ou=people,dc=cpc"
>                 attrs=userPassword
>                 by self write
>                 by dn="cn=Manager,dc=cpc" write
>                 by dn="uid=admin,ou=people,dc=cpc" read
>                 by * auth
> access to dn=".*,ou=Contacts,dc=cpc"
>                 by * write
> access to dn="dc=cpc"
>                 by self write
>                 by dn="cn=Manager,dc=cpc" write
>                 by * read
>                 by * auth
>                 by anonymous search
>                 by users read
> access to *
>                 by dn="uid=admin,ou=people,dc=cpc" write (added out of 
> frustration)
> access to dn=""
>                 by dn="cn=Manager,dc=cpc" write
>                 by dn="uid=admin,ou=people,dc=cpc" read
>                 by self write
>                 by users read
>                 by * none
>
> password-hash   {CLEARTEXT}
> #sasl-host servername
> sasl-authz-policy to
> sasl-realm servername
> sasl-secprops noplain noanonymous maxssf=128
> sasl-regexp uid=(.*),cn=servername,cn=digest-md5,cn=auth
> uid=$1,ou=people,dc=cpc
> sasl-regexp uid=(.*),cn=digest-md5,cn=auth
> "ldap:///ou=people,dc=cpc??sub?uid=$1";
>
> ldapsearch -x -D "uid=admin,ou=people,dc=cpc" -W 'uid=admin' saslauthzto
> # admin, people, cpc
> dn: uid=admin,ou=people,dc=cpc
> saslAuthzTo: dn.regex:uid=.*,ou=people,dc=cpc
>
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online 
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail