[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL authentication against OpenLDAP



Bryan Ray <bryan@bryanray.org.uk> writes:

> Hi,
>     I am having a touble getting SASL to play ball with openldap, and
>     would be grateful for any help in finding a solution.
>
> I have been following 'http://www.openldap.org/doc/admin22/sasl.html'
> with the aim of allowing my ldap tools (ldapsearch,ldapmodify,etc) to
> authenticate using details held in the ldap server. I wish to use the
> Digest-MD5 mechanism.
[...]
> # SASL Authentication
> sasl-host milkyway.bryanray.org.uk
> sasl-realm milkyway
> sasl-regexp uid=(.*),cn=milkyway.*,cn=digest-md5,cn=auth
> ldap:///dc=bryanray,dc=org,dc=uk??sub?(uid=$1)
> sasl-regexp uid=(.*),cn=digest-md5,cn=auth
> ldap:///dc=bryanray,dc=org,dc=uk??sub?(&(uid=$1)(objectclass=posixAccount))
> #sasl-secprops none,noanonymous
[...]

The sasl-regexp has to be written in one line or folded in ldif
format.And check the sasl authentication string by running slapd with
debugging mode 261.

-Dieter
-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de