Re:

[Pierangelo Masarati <ando@sys-net.it>]

Ben Booble wrote:

> Hi List,
> I have been going through the very good http://www.billy.demon.nl/ 
> guide for postfix sasl ldap howto but have run into a problem.
>
> I am running openldap-2.1.25, cryus-sasl-2.1.17, redhat ES3.  I have 
> compiled and install ldapdb.c according to the readme.  In the guide 
> mentioned above to test the success of the installation you submit 
> this command..
>
> ldapwhoami -Y digest-md5 -U proxyuser -X u:username -H ldap://servername
>
> and the result should be dn:uid=username,ou=people,dc=... showing you 
> can authenticate as the username.
> I gather it is something to do with either ACLs or if not that 
> something else.  Can someone please look at below and give me a pointer?
>
> My result is: ldap_sasl_interactive_bind_s: Insufficient access (50)
>
> additional info: SASL(-14): authorization failure: not authorized
>
> slapd.log....
>
> slap_parseURI: parsing dn.regex:uid=.*,ou=people,dc=cpc
>
> > > > dnNormalize: <dn.regex:uid=.*,ou=people,dc=cpc> 

This part of the log is straightforward:  slapd is trying to DN-normalize
the string "dn.regex:uid=.*,ou=people,dc=cpc", which of course is not a 
legal
DN.  Note that the "dn.regex" syntax was added to 2.2, but is not yet 
present
in 2.1; I don't know what documentation you're referring to, but the syntax
of saslAuthz{to|From} attributes has been detailed (with reference to 
<dnstyles>)
only in 2.2 slapd.conf(5) man page.  See

http://www.openldap.org/lists/openldap-software/200403/msg00178.html

for details.

p.