
[RESOLVED] EXTERNAL mech missing



On Mon, Dec 17, 2012 at 12:46:17PM -0600, Dan White wrote:
> Verify that your password, stored within userPassword, is in plain text
> (when uudecoded). I do not recommend attempting to use 'pwcheck_method:
> auprop-hashed' with the slapd auxprop.

I confirm it was the problem: using saslauthd it works fine.

Here is my setup for reference. It does not use EXTERNAL on ldapi:///
after all.

/usr/pkg/etc/openldap/slapd.conf:
    authz-policy any
    authz-regexp uid=([^,]*),cn=(plain|login|otp|external),cn=auth
             ldap:///dc=example,dc=net??sub?(uid=$1)

/usr/pkg/lib/sasl2/slapd.conf
    pwcheck_method: saslauthd
    saslauthd_path: /var/run/saslauthd/mux
    mech_list: PLAIN LOGIN

/usr/pkg/etc/saslauthd.conf
    ldap_servers: ldaps://ldap.example.net
    ldap_search_base: dc=example,dc=net
    ldap_use_sasl: no


saslauthd is built with LDAP support and is started as:
    saslauthd -a ldap

Testing without slapd:
    testsaslauthd -u someone -p password -s slapd

Now using authzid. In DIT:
    dn: uid=someone,dc=example,dc=net
    authzFrom: {0}dn:uid=manu,dc=example,dc=net

Everything is fine:
    $ ldapwhoami -Y PLAIN -X u:someone -U manu
    SASL/PLAIN authentication started
    Please enter your password: [manu's password]
    SASL username: u:someone
    SASL SSF: 0
    dn:uid=someone,dc=example,dc=net




-- 
Emmanuel Dreyfus
manu@netbsd.org
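The two slapd.conf directives in the post do the real work in the final ldapwhoami run: authz-regexp turns the SASL authentication identity into a directory DN, and authzFrom on the target entry decides whether that DN may assume the authzid. The following is an added example, not code from the post or from OpenLDAP, that models those two steps over a small constructed in-memory directory so the mapping and the proxy-authorization decision can be traced. The DIT dictionary, the helper names and the single-filter LDAP URL resolver are assumptions of this toy; real slapd evaluates the URL against the live directory and, with authz-policy any, also honours authzTo, which is not modelled here.

```python
import re

# authz-regexp from the post: SASL DN pattern -> LDAP URL with $1 substitution.
AUTHZ_REGEXP = (
    re.compile(r"^uid=([^,]*),cn=(plain|login|otp|external),cn=auth$"),
    "ldap:///dc=example,dc=net??sub?(uid=$1)",
)

# Constructed directory: the entry shown in the post plus manu's own entry.
DIT = {
    "uid=someone,dc=example,dc=net": {
        "uid": "someone",
        "authzFrom": ["{0}dn:uid=manu,dc=example,dc=net"],
    },
    "uid=manu,dc=example,dc=net": {"uid": "manu", "authzFrom": []},
}


def resolve_ldap_url(url):
    """Resolve ldap:///<base>??<scope>?(uid=<value>) against the toy DIT.

    Only this filter shape is supported here. A mapping that yields zero or
    several entries is treated as no identity, which is what slapd does too.
    """
    _, rest = url.split("ldap:///", 1)
    base, _attrs, scope, filt = rest.split("?")
    fm = re.fullmatch(r"\(uid=([^)]*)\)", filt)
    if not fm or scope != "sub":
        return None
    hits = [dn for dn, e in DIT.items()
            if dn.endswith(base) and e["uid"] == fm.group(1)]
    return hits[0] if len(hits) == 1 else None


def sasl_identity_to_dn(mech, name):
    """Build the uid=<name>,cn=<mech>,cn=auth form slapd uses for SASL
    identities and push it through authz-regexp."""
    sasl_dn = f"uid={name},cn={mech.lower()},cn=auth"
    pattern, url = AUTHZ_REGEXP
    m = pattern.match(sasl_dn)
    if not m:
        return None  # mechanism not listed in the regexp: no mapping
    return resolve_ldap_url(url.replace("$1", m.group(1)))


def authzid_to_dn(mech, authzid):
    """Map a SASL authzid given as 'u:<name>' or 'dn:<dn>' to a DN.

    'u:' identities go through the same authz-regexp mapping as the authcid.
    """
    if authzid.startswith("dn:"):
        dn = authzid[3:]
        return dn if dn in DIT else None
    if authzid.startswith("u:"):
        return sasl_identity_to_dn(mech, authzid[2:])
    return None


def proxy_authz_allowed(mech, authcid, authzid):
    """Return the DN the bind ends up as, or None if authorization fails.

    Models the authzFrom half of authz-policy any: the target entry must list
    the authenticated DN. The {n} prefix on authzFrom values is ordering only.
    """
    auth_dn = sasl_identity_to_dn(mech, authcid)
    target_dn = authzid_to_dn(mech, authzid)
    if auth_dn is None or target_dn is None:
        return None
    if auth_dn == target_dn:
        return target_dn  # no proxying requested
    for rule in DIT[target_dn]["authzFrom"]:
        rule = re.sub(r"^\{\d+\}", "", rule)
        if rule == f"dn:{auth_dn}":
            return target_dn
    return None


if __name__ == "__main__":
    # The ldapwhoami -Y PLAIN -X u:someone -U manu case from the post.
    print(proxy_authz_allowed("PLAIN", "manu", "u:someone"))
    # The reverse direction has no authzFrom rule and must be refused.
    print(proxy_authz_allowed("PLAIN", "someone", "u:manu"))
```

Running it prints `uid=someone,dc=example,dc=net` for manu assuming someone, and `None` for the reverse, which is the asymmetry authzFrom is meant to enforce: the grant lives on the entry being assumed, not on the entry doing the assuming.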