Re: Problems Enabling Authentication using Cyrus SASL

[Dan White <dwhite@olp.net>]

On 17/11/10 11:09 -0400, Fernando Torrez wrote:
>   I tried the suggested command (thanks Moorthi):
>                  ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I
> with no success. I got this error:

>            saslauthd -d -V -a ldap -r -O /etc/saslauthd.conf

digest-md5 and saslauthd are incompatible. The cyrus library requires the
use of an auxprop store to retrieve the shared secret that the digest-md5
mechanism uses.

You could use the 'plain' or 'login' mechanisms to authenticate against
saslauthd, but you'd need to set:

sasl-secprops none

(or some other setting which allows plain authentication)

However, that's a potential security risk unless you have some other
network security layer in place.

> so I can say that unfortunately there's no comunication between SASLAUTHD
> and LDAP.
>
> Now I will try the suggestion to separate saslauthd and ldapdb (thanks
> Dieter)
>
> But I'm still wondering if there's a way to work ldap server and
> cyrus-sasl together. Let's be more accuratte
>
> 1.-  Connect to ldap server throught cyrus-sasl (let's say
> authenticated/authorized proxyuser connected to ldap server)

If you're looking to do digest-md5 authentication directly to slapd, then
you'll probably want to look at using the internal slapd auxprop plugin.

See chapter 15 of the OpenLDAP Administrator's Guide for documentation.

> 2.-  Once connected to the ldap server, authenticate/authorize other user
> (or any object ) saved on ldap server using previous connection done in
> step 1

I'm not sure I understand what you're trying to do in step 2. Are you
attempting to authenticate some other service other than slapd?

--
Dan White