On 2/17/10 5:34 AM, Geoff Baker wrote:
Hi,
I have a Red Hat 5 machine that I have compiled openldap-2.4.19 with the --enable-spasswd option. I have configured saslauth to do its thing as per the instructions on http://www.openldap.org/doc/admin24/security.html#Authentication%20Methods
I cannot seem to add the userPassword:: {SASL} user@domain part though. If I try to import a ldif like the following:
dc: uid=user,dc=domain
changetype: modify
replace: userpassword
userPassword:: {SASL} user@domain
I get an error saying ldapmodify: invalid format (line 4) entry: ""
If I change it to be userpassword: {SASL} user@domain - that works but the entry is hashed (is that OK?)
Then when I try to do a bind with that user account I get invalid credentials... Can somebody please help me try to work out why openldap doesn't seem to be passing on the request to SASL?
The correct format is:
userPassword: {SASL}user@domain
(No spaces between {SASL} and the user@domain parts)
I have this working on RHEL4 with OpenLDAP 2.3 -- I have not been successful (haven't spent a lot of time trying either) getting openldap-2.4.21 built on RHEL5 to communicate with RHEL5's sasl, yet.
-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           | just like everyone else.
  "I am not young enough to know everything."
                                - Oscar Wilde (1854-1900)
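The following check is an added example, not part of the original messages or of OpenLDAP: it validates a single LDIF userPassword line against the {SASL}user@domain form given in the reply, and also applies the LDIF rule (RFC 2849) that "::" introduces a base64-encoded value. The function name and the sample lines are assumptions constructed for illustration.

```python
import base64
import binascii

SCHEME = "{SASL}"  # scheme tag exactly as written in the thread


def check_userpassword_line(line):
    """Return (ok, detail) for one LDIF userPassword line using the {SASL} scheme."""
    attr, sep, rest = line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        return False, "not a userPassword line"
    if rest.startswith(":"):
        # "::" means the value that follows is base64 (RFC 2849), not plain text.
        try:
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            value = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return False, "'::' needs a base64 value; use a single ':' for plain text"
    else:
        # LDIF drops the separator spaces that follow a single ':'.
        value = rest.lstrip(" ")
    if not value.startswith(SCHEME):
        return False, "value does not start with " + SCHEME
    identity = value[len(SCHEME):]
    if not identity or identity != identity.strip():
        return False, "empty identity or whitespace next to " + SCHEME
    return True, "pass-through identity: " + identity


# Constructed sample lines: the two forms from the question, the form from the
# reply, and the reply's form written as a base64 ("::") value.
SAMPLES = [
    "userPassword:: {SASL} user@domain",
    "userpassword: {SASL} user@domain",
    "userPassword: {SASL}user@domain",
    "userPassword:: " + base64.b64encode(b"{SASL}user@domain").decode("ascii"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, detail = check_userpassword_line(sample)
        print("OK  " if ok else "BAD ", sample, "->", detail)
```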