Re: PROBLEM: can't use SASL to authentication openldap client

[Dan White <dwhite@olp.net>]

On 05/08/10 16:35 +0800, LI Ji D wrote:
> Hi, Klünter
> 	Now I can use sasl to authenticate, but openldap seems using the password attribute stored in user in openldap to do the sasl. I expect openldap to use sasldb as an external source to do the authentication.
> 	1. My slapd.conf is below:
> include         /usr/local/openldap/schema/core.schema
> include         /usr/local/openldap/schema/cosine.schema
> include         /usr/local/openldap/schema/inetorgperson.schema
> include         /usr/local/openldap/schema/openldap.schema
> include         /usr/local/openldap/schema/nis.schema
> pidfile         /usr/local/openldap/slapd.1.pid
> argsfile        /usr/local/openldap/slapd.1.args
> password-hash {CLEARTEXT}
> authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth ldap:///ou=people,dc=example,dc=com??one?(cn=$1) binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self
>
> database bdb
> suffix   "ou=people,dc=example,dc=com"
> rootdn   "cn=admin,ou=people,dc=example,dc=com"
> 	
> 	2. and also I create slapd.conf in /usr/local/sasl2/lib/sasl2/slapd.conf
> content is :
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: digest-md5

You may have hit the same issue that Brent did. Most likely you will need
to create this file within /usr/lib/sasl2 or /etc/sasl2 instead.

Alternatively, you can set the environment variable SASL_CONF_PATH to
instruct the sasl glue library where to search for config files. See the
man page for sasl_getconfpath_t for details.

--
Dan White