Problem using PLAIN SASLMechanism
Hi,
I have to configure a second LDAP server to store a big directory.
This server should use our primary LDAP server to check the logins.
Here is my problem:
> ldapsearch -Y PLAIN -W -D uid=root,o=yyy,c=com -b "o=yyy,c=com" -s base supportedSASLMechanisms -d1 -O maxssf=0
ldap_create
Enter LDAP Password:
ldap_sasl_interactive_bind_s: user selected: PLAIN
ldap_int_sasl_bind: PLAIN
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=grunix
ldap_err2string
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
I have read that I have to use PLAIN because saslauthd can't use other
mechanisms; is that right? The other mechanisms don't work either :-(
Here is the result of the SASL test application:
> testsaslauthd -s ldap -u root -p yyy -f /var/run/saslauthd/mux
0: OK "Success."
And here is my configuration:
/usr/lib/sasl2/slapd.conf:
mech_list: PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 EXTERNAL
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
log_level: 7
Here is my /etc/openldap/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
security ssf=0
sasl-host 127.0.0.1
sasl-realm YYY.COM
sasl-secprops none
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
database bdb
suffix o=yyy,c=com
rootdn cn=admin,o=yyy,c=com
rootpw secret
directory /var/lib/openldap-data
index objectClass eq
access to dn.subtree="o=yyy,c=com"
by * read
I have entered "{SASL}root" into the userPassword attribute to forward
the password to SASL.
versions:
openldap 2.4.10
cyrus-sasl 2.1.22
Does anyone have an idea what is happening?
regards, Steffen