SASL DIGEST-MD5 and Realm
Hello,
I am running OpenLDAP v2.3.39 and have some questions
regarding SASL. Is it possible to use realms with
DIGEST-MD5 and no saslauthdb running? I am using LDAP
to store the uid and password and authz-regexp
statements to map user ids. However, it seems that
the LDAP tools do not pass the realm parameter to the
server with my setup.
example:
ldapsearch -Y digest-md5 -U eric -R example.com
slapd debug:
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=8] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=deploy,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=eric,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=eric,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=eric,cn=digest-md5,cn=auth to a DN
How come the realm parameter is missing?
Here is the authz-regexp I have in slapd.conf:
authz-regexp
    uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth
    ldap:///ou=users,dc=example,dc=com??sub?(&(uid=$1)(objectClass=posixAccount))
Thanks!
Eric
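
An added example, not part of the original post: a Python check of which SASL names the authz-regexp quoted above would rewrite, run over the realm-less DN from the debug log and the realm-bearing form the pattern expects. The function names `sasl_name` and `apply_authz_regexp` are hypothetical, and using Python's `re` (unanchored, case-insensitive) to stand in for slapd's regex matching is an assumption.

```python
import re
from urllib.parse import unquote

# The authz-regexp from the post: match pattern and replacement URL.
PATTERN = r"uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth"
REPLACEMENT = ("ldap:///ou=users,dc=example,dc=com??sub?"
               "(&(uid=$1)(objectClass=posixAccount))")


def sasl_name(user, mech, realm=None):
    """Build the SASL name in DN form; the cn=<realm> RDN appears only
    when a realm is supplied. Lower-casing stands in for dnNormalize."""
    rdns = ["uid=" + user]
    if realm:
        rdns.append("cn=" + realm)
    rdns += ["cn=" + mech, "cn=auth"]
    return ",".join(rdns).lower()


def apply_authz_regexp(sasl_dn, pattern=PATTERN, replacement=REPLACEMENT):
    """Return (base, scope, filter) of the search the rule produces,
    or None when the pattern does not match and the name stays unmapped."""
    m = re.search(pattern, sasl_dn, re.IGNORECASE)  # assumed: unanchored, case-insensitive
    if m is None:
        return None
    # Substitute $1..$9 with the captured groups, as in the replacement string.
    url = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    if not url.startswith("ldap:///"):
        return (url, None, None)  # replacement was a plain DN, not a search URL
    # URL layout: ldap:///<base>?<attrs>?<scope>?<filter>
    base, _attrs, scope, filt = url[len("ldap:///"):].split("?", 3)
    return unquote(base), scope, unquote(filt)


if __name__ == "__main__":
    for dn in (sasl_name("eric", "DIGEST-MD5"),
               sasl_name("eric", "DIGEST-MD5", "example.com")):
        print(dn, "->", apply_authz_regexp(dn))
```

The DN logged by slapd in the post has no `cn=example.com` RDN, so this pattern leaves it unmapped; only the realm-bearing form is rewritten to the `ou=users` search.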