Thanks, as ever, for the help, Kyle.
I started slapd in debug mode. When I executed the command you suggested, I see:
ldap_err2string
<= ldap_dn2bv(uid=root,cn=digest-md5,cn=auth)=0 Success
<<< dnNormalize: <uid=root,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=root,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=root,cn=digest-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL [conn=12] Failure: no secret in database
So, the good news is that "uid=root,cn=digest-md5,cn=auth" does look correct. But I then see "Converted SASL name to <nothing>". Here are the final lines in my /etc/openldap/slapd.conf:
# SASL options
password-hash {cleartext}
authz-regexp uid=(.*),cn=tivo2.backup,cn=digest-md5,cn=auth uid=tlemons
authz-regexp uid=(.*),cn=digest-md5,cn=auth uid=tlemons
tivo2:~ #
I thought that the first authz-regexp line would have mapped any account to uid=tlemons, but this apparently didn't happen.
Thanks
tl
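To see what the two authz-regexp lines quoted above actually produce for a given SASL name, here is a small simulator of slapd's rule evaluation. This is an added example, not code from the thread or from OpenLDAP; the evaluation semantics it assumes (rules tried in file order, first match wins, unanchored case-insensitive extended-regex search, $1..$9 expanded from capture groups) are modelled on slapd's documented behaviour, and the suffix dc=example,dc=com used by check_mapping is a placeholder, since the post does not show the directory's suffix.

```python
import re
from typing import List, Optional, Tuple

# Constructed reproduction of the two authz-regexp lines from the slapd.conf
# quoted in the message above: (match pattern, replacement), in file order.
AUTHZ_REGEXP_RULES: List[Tuple[str, str]] = [
    (r"uid=(.*),cn=tivo2.backup,cn=digest-md5,cn=auth", "uid=tlemons"),
    (r"uid=(.*),cn=digest-md5,cn=auth", "uid=tlemons"),
]

# $N in a replacement string refers to capture group N of the matching rule.
_BACKREF = re.compile(r"\$(\d)")


def apply_authz_regexp(sasl_name: str,
                       rules: List[Tuple[str, str]] = AUTHZ_REGEXP_RULES) -> Optional[str]:
    """Return the DN or LDAP URL the first matching rule produces, or None.

    Assumed semantics (modelled on slapd, not taken from this thread):
    rules are tried in order, the first one that matches wins, matching is an
    unanchored case-insensitive search, and $0..$9 in the replacement expand
    to the corresponding capture groups (empty if the group does not exist).
    """
    for pattern, replacement in rules:
        m = re.search(pattern, sasl_name, re.IGNORECASE)
        if m is None:
            continue

        def expand(ref: "re.Match[str]") -> str:
            n = int(ref.group(1))
            return m.group(n) or "" if n <= m.re.groups else ""

        return _BACKREF.sub(expand, replacement)
    return None


def check_mapping(sasl_name: str, suffix: str,
                  rules: List[Tuple[str, str]] = AUTHZ_REGEXP_RULES) -> dict:
    """Map a SASL name and report whether the result looks like a DN under `suffix`.

    A replacement such as 'uid=tlemons' is a single-RDN string with no naming
    context, so this check flags it; a full DN ending in the suffix passes.
    """
    mapped = apply_authz_regexp(sasl_name, rules)
    under_suffix = mapped is not None and mapped.lower().endswith(suffix.lower())
    return {"sasl_name": sasl_name, "mapped": mapped, "under_suffix": under_suffix}


if __name__ == "__main__":
    # The SASL name from the debug output above, with and without the realm component.
    for name in ("uid=root,cn=digest-md5,cn=auth",
                 "uid=root,cn=tivo2.backup,cn=digest-md5,cn=auth"):
        print(check_mapping(name, "dc=example,dc=com"))
    # A hypothetical anchored rule that maps the authcid into a full DN under the suffix.
    hypothetical = [(r"^uid=([^,]*),cn=digest-md5,cn=auth$",
                     "uid=$1,ou=people,dc=example,dc=com")]
    print(check_mapping("uid=root,cn=digest-md5,cn=auth", "dc=example,dc=com", hypothetical))
```

Running it shows that "uid=root,cn=digest-md5,cn=auth" is not matched by the first rule (it lacks the cn=tivo2.backup component) but is matched by the second, and that both rules hand back the bare string "uid=tlemons", which the suffix check reports as not being under any naming context. Note also that the unescaped "." in "tivo2.backup" matches any character; harmless here, but worth writing as "tivo2\.backup" in a rule you rely on.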
-----Original Message-----
From: openldap-software-bounces+lemons_terry=emc.com@openldap.org [mailto:openldap-software-bounces+lemons_terry=emc.com@openldap.org] On Behalf Of Chapman, Kyle
Sent: Monday, April 02, 2007 11:42 AM
To: openldap-software@openldap.org
Subject: RE: DIGEST-MD5 returns 'user not found'
Does:
ldapsearch -Y DIGEST-MD5 -U root -R tivo2 -W
show anything different? I haven't used the sasldb2 stuff in a while; however, with DIGEST-MD5, when the secrets are stored in the LDAP DIT they had to be clear text.
-----Original Message-----
From: openldap-software-bounces+kyle_chapman=g1.com@OpenLDAP.org [mailto:openldap-software-bounces+kyle_chapman=g1.com@OpenLDAP.org] On Behalf Of lemons_terry@emc.com
Sent: Monday, April 02, 2007 10:36 AM
To: openldap-software@openldap.org
Subject: DIGEST-MD5 returns 'user not found'
Hi
I'm trying to use DIGEST-MD5 authentication on a SLES 9 SP3 system running OpenLDAP 2.
tivo2:~ # ldapsearch
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no secret in database
When I run 'ldapsearch -d 2', I see that 'username=root' and 'realm=tivo2.backup'.
I believe that I have the correct entry for 'root' in the SASL database:
sasldblistusers2
root@tivo2: userPassword
So why is SASL saying 'user not found'?
Thanks
tl
Terry Lemons
Backup Platforms Group
EMC²
where information lives
4400 Computer Drive, MS D239
Westboro MA 01580
Phone: 508 898 7312
Email: Lemons_Terry@emc.com
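The original post shows two different realms: ldapsearch -d 2 reports realm=tivo2.backup, while sasldblistusers2 lists the secret as root@tivo2. Cyrus SASL's sasldb keys each secret by user and realm together, so a lookup for one realm does not see a secret stored under another. The following added example (mine, not from the thread or from Cyrus SASL) parses sasldblistusers2 output in the "user@realm: property" format quoted above and classifies a lookup the way the "no secret in database" failure would; the root@tivo2 line is from the post and the backup@tivo2 line is constructed.

```python
import re
from typing import Dict, Set, Tuple

# Constructed sample listing: the line quoted in the post plus one constructed entry.
SASLDB_LISTING = """\
root@tivo2: userPassword
backup@tivo2: userPassword
"""

# sasldblistusers2 prints one "user@realm: property" line per stored property.
_ENTRY = re.compile(r"^(?P<user>[^@\s]+)@(?P<realm>[^:\s]+):\s*(?P<prop>\S+)$")


def parse_sasldb_listing(text: str) -> Dict[Tuple[str, str], Set[str]]:
    """Map (user, realm) -> set of property names stored for that pair."""
    entries: Dict[Tuple[str, str], Set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ENTRY.match(line)
        if m is None:
            raise ValueError(f"unrecognised sasldblistusers2 line: {line!r}")
        entries.setdefault((m["user"], m["realm"]), set()).add(m["prop"])
    return entries


def find_secret(listing: str, user: str, realm: str) -> str:
    """Classify a (user, realm) lookup against the sasldb listing.

    Returns "ok" when a userPassword exists for exactly that user@realm,
    "realm-mismatch: ..." when the user exists only under other realms
    (the situation the thread's debug output points at), else "no-entry".
    """
    entries = parse_sasldb_listing(listing)
    if "userPassword" in entries.get((user, realm), set()):
        return "ok"
    other_realms = sorted(r for (u, r) in entries if u == user)
    if other_realms:
        stored = ", ".join(f"{user}@{r}" for r in other_realms)
        return f"realm-mismatch: stored under {stored}"
    return "no-entry"


if __name__ == "__main__":
    # Realm the client actually sent, per the 'ldapsearch -d 2' output in the post.
    print(find_secret(SASLDB_LISTING, "root", "tivo2.backup"))
    print(find_secret(SASLDB_LISTING, "root", "tivo2"))
```

When the client-side realm and the stored realm disagree, the fix is on whichever side is wrong: either make the client send the realm the secret was created under (ldapsearch's -R option), or store the secret under the realm the client uses (saslpasswd2's -u option sets the realm when creating it).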