[RESOLVED] EXTERNAL mech missing
On Mon, Dec 17, 2012 at 12:46:17PM -0600, Dan White wrote:
> Verify that your password, stored within userPassword, is in plain text
> (when uudecoded). I do not recommend attempting to use 'pwcheck_method:
> auxprop-hashed' with the slapd auxprop.
I confirm it was the problem: using saslauthd it works fine.
Here is my setup for reference. It does not use EXTERNAL on ldapi:///
after all.
/usr/pkg/etc/openldap/slapd.conf:
authz-policy any
authz-regexp uid=([^,]*),cn=(plain|login|otp|external),cn=auth
ldap:///dc=example,dc=net??sub?(uid=$1)
/usr/pkg/lib/sasl2/slapd.conf
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: PLAIN LOGIN
/usr/pkg/etc/saslauthd.conf
ldap_servers: ldaps://ldap.example.net
ldap_search_base: dc=example,dc=net
ldap_use_sasl: no
saslauthd is built with LDAP support and is started as:
saslauthd -a ldap
Testing without slapd:
testsaslauthd -u someone -p password -s slapd
Now using authzid. In DIT:
dn: uid=someone,dc=example,dc=net
authzFrom: {0}dn:uid=manu,dc=example,dc=net
Everything is fine:
$ ldapwhoami -Y PLAIN -X u:someone -U manu
SASL/PLAIN authentication started
Please enter your password: [manu's password]
SASL username: u:someone
SASL SSF: 0
dn:uid=someone,dc=example,dc=net
--
Emmanuel Dreyfus
manu@netbsd.org
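As an added illustration (not code from the thread or from OpenLDAP), a small Python simulation of the two pieces the setup above relies on: the authz-regexp rewrite of the SASL auth DN into a search URI, and the authzFrom check that lets manu bind as u:someone in the ldapwhoami run. The DIT is a constructed toy, and treating the dn: value as an exact match (ignoring authzTo) is a simplification.

```python
import re

# Constructed stand-in for the authz-regexp line in the post's slapd.conf.
AUTHZ_PATTERN = r"^uid=([^,]*),cn=(plain|login|otp|external),cn=auth$"
AUTHZ_TARGET = "ldap:///dc=example,dc=net??sub?(uid=$1)"

# Constructed toy DIT holding only what the post shows (DN -> attributes).
DIT = {
    "uid=someone,dc=example,dc=net": {
        "uid": "someone", "authzFrom": ["{0}dn:uid=manu,dc=example,dc=net"]},
    "uid=manu,dc=example,dc=net": {"uid": "manu", "authzFrom": []},
}

def sasl_to_uri(user, mech):
    """Form the SASL auth DN slapd builds and rewrite it via authz-regexp."""
    auth_dn = f"uid={user},cn={mech},cn=auth"
    m = re.match(AUTHZ_PATTERN, auth_dn, re.IGNORECASE)
    return AUTHZ_TARGET.replace("$1", m.group(1)) if m else None

def resolve_uri(uri):
    """Toy lookup for ldap:///<base>??sub?(uid=X); exactly one hit required."""
    if uri is None:
        return None
    base, uid = re.match(r"ldap:///([^?]*)\?\?sub\?\(uid=([^)]*)\)", uri).groups()
    hits = [dn for dn, a in DIT.items() if dn.endswith(base) and a["uid"] == uid]
    return hits[0] if len(hits) == 1 else None

def whoami(authcid, authzid=None, mech="plain"):
    """Effective DN after binding as authcid with an optional authzid, else None."""
    authc_dn = resolve_uri(sasl_to_uri(authcid, mech))
    if authc_dn is None:
        return None
    if authzid is None:
        return authc_dn                      # no proxy request: own identity
    kind, _, value = authzid.partition(":")
    if kind == "u":                          # u:someone -> same mapping as authcid
        target_dn = resolve_uri(sasl_to_uri(value, mech))
    elif kind == "dn":                       # dn:<exact DN>
        target_dn = value if value in DIT else None
    else:
        target_dn = None
    if target_dn is None:
        return None
    # Simplification: only authzFrom on the target entry is consulted, the {n}
    # ordering prefix is stripped and dn: values are compared exactly.
    allowed = [re.sub(r"^\{\d+\}", "", v) for v in DIT[target_dn]["authzFrom"]]
    return target_dn if f"dn:{authc_dn}" in allowed else None
```

Binding as manu with -X u:someone yields someone's DN, while the reverse direction fails because manu's entry carries no authzFrom.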