[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: PROBLEM: can't use SASL to authentication openldap client
"LI Ji D" <Ji.d.Li@alcatel-lucent.com> writes:
> Hi,
> This is my comprehension:
> 1. The client is connecting to SLAPD requesting an SASL bind.
> 2. SLAPD uses the SASL subsystem (which checks the /usr/lib/sasl/slapd.conf file for settings) to tell the client how to authenticate. In this case, it tells the client to use DIGEST-MD5.
> 3. The client sends the authentication information to SLAPD.
> 4. SLAPD performs the translation specified in authz-regexp.
> 5. SLAPD then checks the client's response (using the SASL subsystem) against the information in /etc/sasldb2.
> 6. When the client authentication succeeds, OpenLDAP runs the search and returns the results to the client.
>
> So SLAPD just compares the password received form client and the one stored in sasldb2, how could it relate to the one stored in ldap like "userPassword: {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ= " ?
Sorry, my bad. I forgot that you use sasldb as an external
authentication source. My remarks where based on an internal sasl
authentication. Try to raise the debug level in sasl/slapd.conf,
something like 'loglevel: 7'. If you use syslog, allow sasl to log to
auth.
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6