Full_Name: jackli
Version: 2.4.16
OS: fedora9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (121.41.165.157)

I searched for this problem on the mailing list, and there is no response to it. I have really been suffering with this for a week. Any help will be greatly appreciated! Please help.
Jack
hi all,
i've got a problem with the sasl authentication using digest-md5 and multiple realms with my openldapServer 2.3.19 (fc5, yum).
i want to be able to authenticate against different subtrees of the dit by using different realms and i was reading as much documentation, howtos and so on as i was able to find on the net for at least the last 7 days. i don't get it running...!
currently, for testing, i use two different realms:
mydomain.net (o=home,dc=mydit,dc=lan)
test.mydomain.net (o=test,dc=mydit,dc=lan)
in the slapd.conf i added:
# sasl-realm mydomain.net
authz-regexp uid=(.*),cn=test.mydomain.net,cn=digest-md5,cn=auth uid=$1,ou=users,o=test,dc=ditroot
authz-regexp uid=(.*),cn=mydomain.net,cn=digest-md5,cn=auth uid=$1,ou=users,o=home,dc=ditroot
authz-regexp uid=(.*),cn=digest-md5,cn=auth uid=$1,ou=users,o=home,dc=ditroot
as you can see, the sasl-realm parameter is commented. whether or not i comment or uncomment it, it does not work. (actually it works, but only either for the default realm or through the last sasl-regexp)
if i set it, all authentication attempts are of the format:
uid=XY,cn=mydomain.net,cn=digest-md5,cn=auth
if i do not set it, all authentication is done using:
uid=XY,cn=digest-md5,cn=auth
i really tried a lot, e.g.: (things like -h, ... are covered by the ldap.conf)
- ldapwhoami -U XY -R test.mydomain.net
- ldapwhoami -U XY@test.mydomain.net
- ldapsearch -U XY -R test.mydomain.net
- ldap...
of course all of those tests were performed with different -R, ... values.
i really do not know what to do anymore, i've got no more ideas...
also what i do not understand is whether or not this is a problem with my cyrus-sasl installation, but i cannot imagine that. i guess i'm missing something but i don't know what.
can someone help me with this, please?
have a nice day...
d.a.s.
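
An added example, not part of the original report: a small Python model of how slapd applies authz-regexp rules (checked in file order, first match wins, the result is the replace string with $1 filled in), run over the three rules and the authentication DN forms quoted above. It uses Python's `re` in place of slapd's POSIX regex and ignores DN normalization; `map_sasl_dn`, `CATCH_ALL_FIRST`, `TIGHT_CATCH_ALL` and `SAMPLE_DNS` are names made up for this sketch.

```python
import re

# The three authz-regexp rules from the post, in file order: (match, replace).
RULES = [
    (r"uid=(.*),cn=test.mydomain.net,cn=digest-md5,cn=auth",
     "uid=$1,ou=users,o=test,dc=ditroot"),
    (r"uid=(.*),cn=mydomain.net,cn=digest-md5,cn=auth",
     "uid=$1,ou=users,o=home,dc=ditroot"),
    (r"uid=(.*),cn=digest-md5,cn=auth",
     "uid=$1,ou=users,o=home,dc=ditroot"),
]

# Constructed variants for comparison (assumptions, not from the post):
# the realm-less catch-all rule moved to the top, and the same rule with
# the capture limited to a single RDN value.
CATCH_ALL_FIRST = [RULES[2], RULES[0], RULES[1]]
TIGHT_CATCH_ALL = [(r"uid=([^,]*),cn=digest-md5,cn=auth", RULES[2][1])]

# Constructed sample authentication DNs in the three forms discussed.
SAMPLE_DNS = [
    "uid=XY,cn=test.mydomain.net,cn=digest-md5,cn=auth",
    "uid=XY,cn=mydomain.net,cn=digest-md5,cn=auth",
    "uid=XY,cn=digest-md5,cn=auth",
]


def map_sasl_dn(authc_dn, rules=RULES):
    """Return (rule_index, mapped_dn) for the first rule that matches,
    or (None, authc_dn) when no rule matches."""
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, authc_dn, re.IGNORECASE)
        if match:
            mapped = re.sub(r"\$(\d)",
                            lambda ref: match.group(int(ref.group(1))),
                            replacement)
            return index, mapped
    return None, authc_dn


if __name__ == "__main__":
    for name, rules in (("as posted", RULES),
                        ("catch-all first", CATCH_ALL_FIRST),
                        ("tight catch-all only", TIGHT_CATCH_ALL)):
        print(name)
        for dn in SAMPLE_DNS:
            print("  %-52s -> %s" % (dn, map_sasl_dn(dn, rules)))
```

With the rules in the posted order every DN form maps as intended, so the subtree a user lands in depends entirely on which realm component the authentication DN carries. The reordered variant shows the greedy `(.*)` swallowing the realm RDN into `$1`, which the `[^,]*` form refuses to match.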