
OPENLDAP, SASL



Hello,

I need help with the configuration of OPENLDAP and Cyrus SASL.

My configuration is :
BERKELEY 4.2
Cyrus SASL 2.1.18
OPENLDAP 2.2.11

on Linux Red Hat 8.0

The install is complete, with no problems (I think).

I can launch my ldap daemon, create a database, and add an entry. My problem is when I want to use a password. If my ldap.conf has the password in CLEARTEXT, this command is OK:

ldappasswd -x -v -S -w secret -D "dc=cochise,dc=com" "cn=ar,ou=entreprise,dc=cochise,dc=com" -h "192.168.1.3"


But when I want to use SASL to generate the password, I have a problem. I write this command:
saslpasswd2 -c newuser
Password: ##
Again (for verification): ##


But when I want to use the search, I get a segmentation fault from LDAP:
/usr/local/bin/ldapsearch -Y DIGEST-MD5 -U toto -S -b "dc=myweb,dc=com" 'cn=newuser*' -h "MYIP"


I obtain this error:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

The log of my LDAP is:
do_sasl_bind: dn () mech DIGEST-MD5
==> sasl_bind: dn="" mech=<continuing> datalen=257
SASL [conn=3] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=3]: authcid="toto"
slap_sasl_getdn: id=toto [len=3]
slap_sasl_getdn: u:id converted to uid=toto,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=toto,cn=DIGEST-MD5,cn=auth>
=> ldap_bv2dn(uid=toto,cn=DIGEST-MD5,cn=auth,0)
<= ldap_bv2dn(uid=toto,cn=DIGEST-MD5,cn=auth,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=toto,cn=digest-md5,cn=auth,272)=0
<<< dnNormalize: <uid=toto,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=toto,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=toto,cn=digest-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=3]: slapAuthcDN="uid=toto,cn=digest-md5,cn=auth"
/etc/sasldb2
daemon: select: listen=6 active_threads=0 tvp=NULL
Erreur de segmentation

I find a problem but I don't find a solution.

The file /etc/sasldb2 doesn't exist. I use ldapadd to add an entry in my ldap.

Thanks for your help.

If you want more information, you can contact me.

Franck DARRAS