
Re: Problems Enabling Authentication using Cyrus SASL



On 17/11/10 11:09 -0400, Fernando Torrez wrote:
> I tried the suggested command (thanks Moorthi):
>
>     ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I
>
> with no success. I got this error:
>
>     saslauthd -d -V -a ldap -r -O /etc/saslauthd.conf

digest-md5 and saslauthd are incompatible. The cyrus library requires the
use of an auxprop store to retrieve the shared secret that the digest-md5
mechanism uses.

You could use the 'plain' or 'login' mechanisms to authenticate against
saslauthd, but you'd need to set:

sasl-secprops none

(or some other setting which allows plain authentication)

However, that's a potential security risk unless you have some other
network security layer in place.

> so I can say that unfortunately there's no communication between SASLAUTHD
> and LDAP.
>
> Now I will try the suggestion to separate saslauthd and ldapdb (thanks
> Dieter)
>
> But I'm still wondering if there's a way to work ldap server and
> cyrus-sasl together. Let's be more accurate
>
> 1.-  Connect to ldap server through cyrus-sasl (let's say
> authenticated/authorized proxyuser connected to ldap server)

If you're looking to do digest-md5 authentication directly to slapd, then
you'll probably want to look at using the internal slapd auxprop plugin.

See chapter 15 of the OpenLDAP Administrator's Guide for documentation.

> 2.-  Once connected to the ldap server, authenticate/authorize other user
> (or any object) saved on ldap server using previous connection done in
> step 1

I'm not sure I understand what you're trying to do in step 2. Are you
attempting to authenticate some other service other than slapd?

--
Dan White
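
Why digest-md5 needs an auxprop store while plain/login can go through saslauthd, as an added Python example that is not part of the original message or of Cyrus SASL. The response computation follows RFC 2831 (qop=auth, no authzid); the class names, user, password and challenge values are constructed for illustration.

```python
import hashlib
import hmac

FIELDS = ("user", "realm", "nonce", "cnonce", "nc", "uri")

def md5(data):
    return hashlib.md5(data).digest()

def digest_md5_response(user, realm, password, nonce, cnonce, nc, uri):
    """RFC 2831 response value for qop=auth with no authzid."""
    secret = md5(f"{user}:{realm}:{password}".encode())  # the shared secret
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

class AuxpropStore:
    """Stand-in for an auxprop plugin: hands the server the stored secret."""
    def __init__(self, passwords):
        self._passwords = passwords
    def lookup(self, user):
        return self._passwords.get(user)

class VerifyOnlyBackend:
    """Stand-in for saslauthd: answers yes/no to (user, password), nothing else."""
    def __init__(self, passwords):
        self._passwords = passwords
    def verify(self, user, password):
        stored = self._passwords.get(user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

def check_digest(store, msg):
    """DIGEST-MD5 server side: recompute the response from the looked-up secret."""
    password = store.lookup(msg["user"])
    if password is None:
        return False
    expected = digest_md5_response(password=password, **{k: msg[k] for k in FIELDS})
    return hmac.compare_digest(expected.encode(), msg["response"].encode())

# Constructed sample data (all values invented for this example).
USERS = {"test": "s3cret"}
CHALLENGE = dict(zip(FIELDS, ("test", "example.com", "n0nce", "cn0nce",
                              "00000001", "ldap/ldap.example.com")))

def client_message(password):
    """Client reply: a hash-derived response; the password is never sent."""
    return dict(CHALLENGE, response=digest_md5_response(password=password, **CHALLENGE))
```

The verify-only backend cannot produce `expected`, because the digest exchange never carries the password it would need as input; with plain or login the password itself crosses the wire, which is why those mechanisms call for a protecting network layer.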