Hi List,
I have openldap-2.4.7 configured with openssl, which was working fine till date.
Now I have installed Cyrus-SASL-2.2.21 without any problems.
I have rebuilt our openldap-2.4.7 as:
[root@as3 libexec]# env LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.6/lib:/usr/local/lib/sasl2:/usr/local/ssl/lib" \
    CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include -I/usr/local/ssl/include -I/usr/local/include" \
    LDFLAGS="-L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.4.6/lib -L/usr/local/lib/sasl2 -R/usr/local/lib -R/usr/local/lib/sasl2 -R/usr/local/Berkeley.DB.4.6 -R/usr/local/ssl/lib" \
    LIBS=-ldl ./configure --with-tls=openssl --with-cyrus-sasl
Everything went fine.
We would like to use the SASL/GSSAPI mechanism (we have working kerberos).
I have added the following lines to my slapd.conf file:
authz-regexp
 uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth
 uid=$1,ou=people,dc=bsnl,dc=com
I have given a space before uid lines... Is it correct?
I have written the lines specified in the admin guide for testing..
{ Also anyone please tell me from where I can get more info about the authz-regexp directive and the values it can take....}
Now when I start slapd as:
slapd -d127 -h "ldaps:///"
ps -ef|grep slapd is showing
root 3912 7442 0 18:40 pts/2 00:00:00 slapd -d127 -h ldaps:///
root 3919 3516 0 18:44 pts/4 00:00:00 grep slapd
and part of debug info regarding slapd start is:
daemon: new connection on 12
daemon: added 12r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept.
connection_read(12): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=12 for close
connection_close: conn=1 sd=12
daemon: removing 12
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
Till date there was no problem with the SSL-LDAP combination and it started giving trouble after SASL support was added.
I have created a principal for slapd as specified in the guide.
Also created one slapd.conf file for use with the saslauthd daemon. It has:
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login ntlm kerberos5
I don't know where to start for making the entire combination work....
Please help me to get this sorted ...
I shall be grateful for every response.
Thanx in advance...
Regards,
Padma.
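
Added example (not part of the original message, and not OpenLDAP's own code): a Python sketch of how slapd.conf folds indented continuation lines into one directive, and how the authz-regexp rule from the post then maps SASL identities. It assumes Python's re module approximates slapd's case-insensitive POSIX extended regex matching; the helper names and the sample DNs are constructed for illustration.

```python
import re

# Constructed slapd.conf fragment: the directive from the post, with the two
# argument lines indented so that they continue the "authz-regexp" line.
SAMPLE_CONF = """\
# SASL identity mapping
authz-regexp
 uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth
 uid=$1,ou=people,dc=bsnl,dc=com
"""

def fold_lines(text):
    """Join continuation lines (leading whitespace), then drop '#' comments."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip():
            continue                              # blank lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()      # continues the previous line
        else:
            logical.append(raw.strip())
    return [line for line in logical if not line.startswith("#")]

def authz_rules(text):
    """Return (compiled pattern, replacement) for each complete authz-regexp line."""
    rules = []
    for line in fold_lines(text):
        words = line.split()
        if words[0].lower() == "authz-regexp" and len(words) == 3:
            # Assumption: IGNORECASE stands in for slapd's case-insensitive match
            rules.append((re.compile(words[1], re.IGNORECASE), words[2]))
    return rules

def map_identity(rules, sasl_dn):
    """Return the DN produced by the first matching rule, or None."""
    for pattern, replacement in rules:
        m = pattern.search(sasl_dn)
        if m:
            # slapd.conf writes $1..$9; Python templates use \1..\9
            return m.expand(re.sub(r"\$(\d)", r"\\\1", replacement))
    return None

if __name__ == "__main__":
    rules = authz_rules(SAMPLE_CONF)
    for dn in ("uid=padma,cn=bsnl.com,cn=gssapi,cn=auth",   # constructed
               "uid=padma,cn=gssapi,cn=auth",               # no realm component
               "uid=padma,cn=bsnlxcom,cn=gssapi,cn=auth"):  # look-alike realm
        print(dn, "->", map_identity(rules, dn))
```

The third sample DN maps as well, because the unescaped "." in cn=bsnl.com matches any character. Without the leading whitespace the three lines are read as three separate directives and no mapping rule is produced.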