From: Pierangelo Masarati <ando@sys-net.it>
To: Ben Booble <oneoutof100@hotmail.com>
CC: OpenLDAP-software@OpenLDAP.org
Subject: Re:
Date: Sat, 01 May 2004 11:39:33 +0200

Ben Booble wrote:
> Hi List,
>
> I have been going through the very good http://www.billy.demon.nl/ guide
> for postfix sasl ldap howto but have run into a problem.
>
> I am running openldap-2.1.25, cyrus-sasl-2.1.17, redhat ES3. I have
> compiled and installed ldapdb.c according to the readme. In the guide
> mentioned above, to test the success of the installation you submit this
> command:
>
> ldapwhoami -Y digest-md5 -U proxyuser -X u:username -H ldap://servername
>
> and the result should be dn:uid=username,ou=people,dc=... showing you can
> authenticate as the username.
>
> I gather it is something to do with either ACLs or if not that something
> else. Can someone please look at below and give me a pointer?
>
> My result is: ldap_sasl_interactive_bind_s: Insufficient access (50)
> additional info: SASL(-14): authorization failure: not authorized
>
> slapd.log....
> slap_parseURI: parsing dn.regex:uid=.*,ou=people,dc=cpc
> dnNormalize: <dn.regex:uid=.*,ou=people,dc=cpc>

This part of the log is straightforward: slapd is trying to DN-normalize
the string "dn.regex:uid=.*,ou=people,dc=cpc", which of course is not a
legal DN. Note that the "dn.regex" syntax was added to 2.2, but is not yet
present in 2.1; I don't know what documentation you're referring to, but the
syntax of saslAuthz{To|From} attributes has been detailed (with reference to
<dnstyles>) only in the 2.2 slapd.conf(5) man page. See
http://www.openldap.org/lists/openldap-software/200403/msg00178.html
for details.

p.