Re: SASL authentication against OpenLDAP
Bryan Ray <bryan@bryanray.org.uk> writes:
> Hi,
> I am having trouble getting SASL to play ball with openldap, and
> would be grateful for any help in finding a solution.
>
> I have been following 'http://www.openldap.org/doc/admin22/sasl.html'
> with the aim of allowing my ldap tools (ldapsearch,ldapmodify,etc) to
> authenticate using details held in the ldap server. I wish to use the
> Digest-MD5 mechanism.
[...]
> # SASL Authentication
> sasl-host milkyway.bryanray.org.uk
> sasl-realm milkyway
> sasl-regexp uid=(.*),cn=milkyway.*,cn=digest-md5,cn=auth
> ldap:///dc=bryanray,dc=org,dc=uk??sub?(uid=$1)
> sasl-regexp uid=(.*),cn=digest-md5,cn=auth
> ldap:///dc=bryanray,dc=org,dc=uk??sub?(&(uid=$1)(objectclass=posixAccount))
> #sasl-secprops none,noanonymous
[...]
The sasl-regexp has to be written in one line or folded in ldif
format. And check the sasl authentication string by running slapd with
debugging mode 261.
-Dieter
--
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de
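
The one-line-or-folded requirement from the reply above, as an added example that is not part of the original thread: a small checker that joins slapd.conf continuation lines, flags sasl-regexp directives whose replacement was split off, and shows which rule a SASL authentication DN would map through. The function names, the user name `bryan` and the use of Python's `re` in place of slapd's regex engine are assumptions of this example.

```python
import re

# Constructed sample: the first rule is split as in the quoted config (replacement
# at column 0); the second is folded onto a whitespace-indented continuation line.
SAMPLE_CONF = """\
sasl-realm milkyway
sasl-regexp uid=(.*),cn=milkyway.*,cn=digest-md5,cn=auth
ldap:///dc=bryanray,dc=org,dc=uk??sub?(uid=$1)
sasl-regexp uid=(.*),cn=digest-md5,cn=auth
  ldap:///dc=bryanray,dc=org,dc=uk??sub?(&(uid=$1)(objectclass=posixAccount))
"""

def logical_lines(text):
    """Join slapd.conf continuation lines (a line starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def check_sasl_regexp(text):
    """Return (rules, problems). Simplification: quoted arguments not handled."""
    rules, problems = [], []
    for line in logical_lines(text):
        fields = line.split()
        if fields[0].lower() == "sasl-regexp":
            if len(fields) == 3:
                rules.append((fields[1], fields[2]))
            else:
                problems.append(line)      # match or replacement missing
        elif fields[0].lower().startswith("ldap://"):
            problems.append(line)          # heuristic: orphaned replacement URI
    return rules, problems

def map_auth_dn(rules, dn):
    """Apply rules in file order, first match wins (re approximates slapd)."""
    for pattern, replace in rules:
        m = re.search(pattern, dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)
    return None

if __name__ == "__main__":
    rules, problems = check_sasl_regexp(SAMPLE_CONF)
    print(problems, map_auth_dn(rules, "uid=bryan,cn=milkyway,cn=digest-md5,cn=auth"))
```

The DN to feed into `map_auth_dn` is the SASL authentication string that slapd logs when run at the debug level mentioned in the reply.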