[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: DIGEST-MD5 returns 'user not found'

To: <hyc@symas.com>
Subject: RE: DIGEST-MD5 returns 'user not found'
From: lemons_terry@emc.com
Date: Mon, 2 Apr 2007 15:16:33 -0400
Cc: openldap-software@openldap.org, Kyle_Chapman@g1.com
Content-class: urn:content-classes:message
In-reply-to: <46114D68.6000708@symas.com>
References: <CEC4708048E79E4CB20CDB491567EA3C0B92F3F3@mdg1ex03.g1.com> <05AADEB492F5824996D28D504686739907AF5362@CORPUSMX40A.corp.emc.com> <46114D68.6000708@symas.com>
Thread-index: Acd1VgHaWrM/IBw5RZOJj+CRA+rlhgAA98fQ
Thread-topic: DIGEST-MD5 returns 'user not found'

Hi Howard

>The SASL library tries all available information sources. If there was
a 
>"root" user record in your sasldb2 file it would have been used. Since 
>your sasldblistusers2 output shows "root@tivo2" I'd say you have the 
>wrong realm info in your database, as that doesn't match either "root" 
>or "root@tivo2.backup".

And that was the problem.  When I added "root@tivo2.backup" to the sasl
database, ldapsearch worked!  MANY thanks for this!

It's interesting (at least, to me) to note that I didn't need any of the
authentication identity mapping entries (as described in section 11.2.4
of the "OpenLDAP Software 2.3 Administrator's Guide" to make this work
(not even the "password-hash {cleartext}" entry that some resources said
to add).

So what gives this SASL mechanism the authority to perform tasks via
LDAP?

Thanks!
tl

Follow-Ups:
- Re: DIGEST-MD5 returns 'user not found'
  - From: Howard Chu <hyc@symas.com>

References:
- RE: DIGEST-MD5 returns 'user not found'
  - From: "Chapman, Kyle" <Kyle_Chapman@G1.com>
- RE: DIGEST-MD5 returns 'user not found'
  - From: lemons_terry@emc.com
- Re: DIGEST-MD5 returns 'user not found'
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: slapd segfaults during SASL/GSSAPI bind
Next by Date: Re: DIGEST-MD5 returns 'user not found'
Index(es):
- Chronological
- Thread