Jittinan Suwanrueangsri <jittinan2@gmail.com> writes:
Dieter Kluenter wrote:
Jittinan Suwanrueangsri <jittinan2@gmail.com> writes:
[...]
There is nothing special to do.

    ldapsearch -Y DIGEST-MD5 -U foo -w secret -H ldap://myhost -b dc=example,dc=com ...

All you have to do is to set the userPassword value as plaintext, otherwise the challenge cannot be created. If you want to parse the SASL authentication string to a DN, then you have to define an authz-regexp in slapd.conf(5) and the user has to have a uid attribute.
[...]
I still cannot authenticate by using the password from the userPassword attribute. I have also attached 2 configuration files to this email. Is any configuration missing?
Could you provide some logs?
[...]
# slapd.conf - Configuration file for LDAP SLAPD
##########
authz-regexp uid=([^,]+).*,cn=auth uid=$1,ou=Users,dc=example,dc=com
authz-regexp email=([^,]+),cn=([^,]+).*,c=TH$ uid=$2,ou=Users,dc=example,dc=com
sasl-realm example.com
sasl-secprops none
Is there any particular reason to define the second authz-regexp rule?
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to dn.subtree="ou=System,dc=example,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=Ldap Admins,ou=Groups,dc=example,dc=com" write
    by users read
access to *
    by self write
    by users read
    by * none
[...]
Run slapd -d acl and post the relevant parts.
-Dieter
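
Added example, not part of the original messages: a small Python approximation of how the two authz-regexp rules quoted above rewrite a SASL name, which is the DN the ACLs are then evaluated against. It assumes Python's re module behaves like slapd's regex matching for these two patterns; the helper names and sample identities are constructed for illustration.

```python
import re

# authz-regexp rules copied from the slapd.conf quoted in this thread.
RULES = [
    (r"uid=([^,]+).*,cn=auth", "uid=$1,ou=Users,dc=example,dc=com"),
    (r"email=([^,]+),cn=([^,]+).*,c=TH$", "uid=$2,ou=Users,dc=example,dc=com"),
]


def sasl_authc_dn(user, mech, realm=None):
    """Build the name slapd forms for a SASL bind before mapping:
    uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth (hypothetical helper)."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts)


def map_authz(dn, rules=RULES):
    """Return (rule_index, mapped_dn) for the first matching rule,
    or (None, dn) when no rule matches and the name stays unmapped."""
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, dn, re.IGNORECASE)
        if match:
            # Expand slapd-style $1..$9 placeholders from the captured groups.
            mapped = re.sub(r"\$(\d)",
                            lambda g: match.group(int(g.group(1))),
                            replacement)
            return index, mapped
    return None, dn


if __name__ == "__main__":
    # Constructed sample identities, not taken from any log in the thread.
    samples = [
        sasl_authc_dn("foo", "digest-md5"),
        sasl_authc_dn("foo", "digest-md5", realm="example.com"),
        sasl_authc_dn("foo", "digest-md5", realm="other.org"),
        "email=foo@example.co.th,cn=foo,ou=Staff,c=TH",
        "cn=admin,dc=example,dc=com",
    ]
    for dn in samples:
        print(dn, "->", map_authz(dn))
```

The first rule maps the name the same way whatever realm or mechanism component it carries, and the second rule never matches a uid=...,cn=auth name. On a running server, ldapwhoami with the same -Y, -U, -w and -H options as the ldapsearch command reports the DN that was actually assigned.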