SASL authentication against OpenLDAP
Hi,
I am having a trouble getting SASL to play ball with openldap, and
would be grateful for any help in finding a solution.
I have been following 'http://www.openldap.org/doc/admin22/sasl.html'
with the aim of allowing my ldap tools (ldapsearch, ldapmodify, etc.) to
authenticate using details held in the ldap server. I wish to use the
Digest-MD5 mechanism.
I have configured the server following 'LDAP System Administration -
Gerald Carter' and filled in the SASL details from the url above as best
as I can, but when trying to connect with SASL I get the following:
#ldapsearch -U bryan -b "dc=bryanray,dc=org,dc=uk" "(objectclass=*)"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no secret in database
This implies to me that SASL is using the /etc/sasldb database, or I
have made an error in my regular expressions, but do not know how to
proceed from here. Thanks for any help.
Bryan
My configuration:
-------------------------------------------------------------------------
/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
loglevel 488
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# SASL Authentication
sasl-host milkyway.bryanray.org.uk
sasl-realm milkyway
sasl-regexp uid=(.*),cn=milkyway.*,cn=digest-md5,cn=auth
ldap:///dc=bryanray,dc=org,dc=uk??sub?(uid=$1)
sasl-regexp uid=(.*),cn=digest-md5,cn=auth
ldap:///dc=bryanray,dc=org,dc=uk??sub?(&(uid=$1)(objectclass=posixAccount))
#sasl-secprops none,noanonymous
# TLS/SSL
TLSCipherSuite HIGH
TLSCertificateFile /etc/openldap/ssl/slapd-cert.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapd-key.pem
# Default password hash format
password-hash {CLEARTEXT}
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=bryanray,dc=org,dc=uk"
rootdn "cn=admin,dc=bryanray,dc=org,dc=uk"
rootpw {SHA}****************************
directory /var/ldap/bryanray.org.uk
# Indices to maintain - should be more here...
index objectClass eq
-------------------------------------------------------------------------
Where the domain name from the machine is:
#dnsdomainname
bryanray.org.uk
#hostname
milkyway
#sasldblistusers2
admin@milkyway:userPassword
-------------------------------------------------------------------------
The directory contains:
dn: dc=bryanray,dc=org,dc=uk
objectClass: dcObject
objectClass: organization
o: BryanRay.org.uk
dc: bryanray
structuralObjectClass: organization
entryUUID: efd2c588-7763-1028-9aaf-8f7488bec364
creatorsName: cn=admin,dc=bryanray,dc=org,dc=uk
modifiersName: cn=admin,dc=bryanray,dc=org,dc=uk
createTimestamp: 20040731173645Z
modifyTimestamp: 20040731173645Z
entryCSN: 20040731173645Z#000001#00#000000
dn: cn=admin,dc=bryanray,dc=org,dc=uk
objectClass: organizationalRole
cn: admin
structuralObjectClass: organizationalRole
entryUUID: efd753b4-7763-1028-9ab0-8f7488bec364
creatorsName: cn=admin,dc=bryanray,dc=org,dc=uk
modifiersName: cn=admin,dc=bryanray,dc=org,dc=uk
createTimestamp: 20040731173645Z
modifyTimestamp: 20040731173645Z
entryCSN: 20040731173645Z#000002#00#000000
dn: ou=people,dc=bryanray,dc=org,dc=uk
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: f4d00dde-7763-1028-89ac-f4015d8834eb
creatorsName: cn=admin,dc=bryanray,dc=org,dc=uk
modifiersName: cn=admin,dc=bryanray,dc=org,dc=uk
createTimestamp: 20040731173653Z
modifyTimestamp: 20040731173653Z
entryCSN: 20040731173653Z#000001#00#000000
dn: uid=bryan,ou=people,dc=bryanray,dc=org,dc=uk
uid: bryan
cn: Bryan Ray
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/bryan
sn: Ray
objectClass: posixAccount
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 4d17cbdc-7802-1028-98e3-ddb999058336
creatorsName: cn=admin,dc=bryanray,dc=org,dc=uk
createTimestamp: 20040801123022Z
userPassword:: ****************
entryCSN: 20040806112924Z#000001#00#000000
modifiersName: cn=admin,dc=bryanray,dc=org,dc=uk
modifyTimestamp: 20040806112924Z
-------------------------------------------------------------------------
SASL was compiled with the following options:
--with-ldap --disable-otp
OpenLDAP was compiled with the following options:
--with-cyrus-sasl --with-tls --with-wrappers --enable-spasswd
--enable-dynamic
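As an added example (not part of the post above, and not OpenLDAP's own code), the script below replays the two sasl-regexp rules from the slapd.conf in the post against the authentication identity that slapd builds for a DIGEST-MD5 login, so you can check which rule fires and what LDAP URL it produces before touching the server. Two things are assumed rather than taken from the post: that slapd forms the identity as uid=<user>,cn=<realm>,cn=<mech>,cn=auth (realm component omitted when no realm is in play), and that the pattern is matched case-insensitively against the whole identity; confirm both against slapd.conf(5) for your version. The function names (sasl_auth_identity, map_identity, parse_ldap_url, rfc4515_escape) are mine. Note that this mapping step runs only after the SASL library has verified the password, so the "no secret in database" error in the post is raised earlier, when the library looks the secret up, and is independent of whether these rules are right.

```python
import re
from urllib.parse import urlsplit, unquote

# The two sasl-regexp rules copied from the slapd.conf in the post, in file order.
# slapd tries them top to bottom and uses the first one that matches.
SASL_REGEXP_RULES = [
    (r"uid=(.*),cn=milkyway.*,cn=digest-md5,cn=auth",
     "ldap:///dc=bryanray,dc=org,dc=uk??sub?(uid=$1)"),
    (r"uid=(.*),cn=digest-md5,cn=auth",
     "ldap:///dc=bryanray,dc=org,dc=uk??sub?(&(uid=$1)(objectclass=posixAccount))"),
]


def sasl_auth_identity(user, mech="digest-md5", realm=None):
    """Build the authentication identity slapd derives from a SASL bind.

    Assumed form: uid=<user>,cn=<realm>,cn=<mech>,cn=auth (realm omitted when None).
    """
    parts = [f"uid={user}"]
    if realm:
        parts.append(f"cn={realm}")
    parts.append(f"cn={mech}")
    parts.append("cn=auth")
    return ",".join(parts)


def rfc4515_escape(value):
    """Escape LDAP filter metacharacters (RFC 4515) in a substituted value.

    A captured group from a sasl-regexp rule ends up inside a search filter;
    escaping keeps '*', '(', ')', '\\' and NUL from changing the filter's meaning.
    """
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def map_identity(identity, rules=SASL_REGEXP_RULES, escape=True):
    """Return (rule_index, ldap_url) for the first rule matching identity, or None.

    Assumption: the pattern must match the whole identity, case-insensitively.
    With escape=True the captured group is RFC 4515 escaped before substitution;
    escape=False shows the raw substitution for comparison.
    """
    for index, (pattern, template) in enumerate(rules):
        m = re.fullmatch(pattern, identity, flags=re.IGNORECASE)
        if m is None:
            continue

        def substitute(mo):
            group = m.group(int(mo.group(1)))
            return rfc4515_escape(group) if escape else group

        # $1..$9 in the template refer to the capture groups of the pattern.
        return index, re.sub(r"\$(\d)", substitute, template)
    return None


def parse_ldap_url(url):
    """Split an ldap:/// URL into (base, attrs, scope, filter) per RFC 4516."""
    parts = urlsplit(url)
    base = unquote(parts.path.lstrip("/"))
    attrs, scope, filt = (parts.query.split("?") + ["", "", ""])[:3]
    return base, attrs, scope or "base", unquote(filt)


if __name__ == "__main__":
    # Constructed identities: the post's user with and without the realm component.
    for ident in (sasl_auth_identity("bryan", realm="milkyway"),
                  sasl_auth_identity("bryan")):
        result = map_identity(ident)
        print(ident, "->", result)
        if result:
            print("   search:", parse_ldap_url(result[1]))
```

The third assertion in the usage below is the one worth dwelling on: if the realm rule were absent, the realm-bearing identity would fall through to the second rule, whose greedy (.*) swallows ",cn=milkyway" into the uid filter and the lookup silently finds nothing. Rule order in slapd.conf is therefore part of the mapping's correctness, not just style.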