Hello,
I am running OpenLDAP v2.3.39 and have some questions regarding SASL. Is it possible to use realms with DIGEST-MD5 and no saslauthdb running? I am using ldap to store the uid and password and authz-regexp statements to map user ids. However, it seems that ldap tools do not pass the realm parameter to the server with my setup.
example:
ldapsearch -Y digest-md5 -U eric -R example.com
slapd debug:
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=8] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=deploy,cn=DIGEST-MD5,cn=auth
dnNormalize: <uid=eric,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=eric,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=eric,cn=digest-md5,cn=auth to a DN
How come the realm parameter is missing?
Here is the authz-regexp I have in slapd.conf:
authz-regexp
    uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth
    ldap:///ou=users,dc=example,dc=com??sub?(&(uid=$1)(objectClass=posixAccount))
Thanks!
Eric
openldap-software@openldap.org
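
Added example, not part of the original message and not OpenLDAP code: a small Python model of authz-regexp evaluation, run against the SASL name from the debug output above, showing that the posted rule only matches a name carrying a cn=<realm> component. Assumptions: rules are tried in order with the first match winning, matching is case-insensitive and unanchored; NO_REALM_RULE, REALM_NAME and the function name are hypothetical.

```python
import re

# The rule from the message: (match pattern, replacement URL).
# Note the unescaped "." in example.com matches any character.
PAGE_RULE = (
    r"uid=([^,]*),cn=example.com,cn=digest-md5,cn=auth",
    "ldap:///ou=users,dc=example,dc=com??sub?(&(uid=$1)(objectClass=posixAccount))",
)

# Hypothetical second rule for SASL names that arrive without a realm.
NO_REALM_RULE = (
    r"uid=([^,]*),cn=digest-md5,cn=auth",
    PAGE_RULE[1],
)

# SASL name exactly as it appears in the slapd debug output (no realm).
LOGGED_NAME = "uid=eric,cn=digest-md5,cn=auth"
# Constructed: the form the posted rule expects, with a realm component.
REALM_NAME = "uid=eric,cn=example.com,cn=digest-md5,cn=auth"


def apply_authz_regexp(rules, sasl_name):
    """Return the rewritten URL from the first matching rule, or None."""
    for pattern, replacement in rules:
        m = re.search(pattern, sasl_name, re.IGNORECASE)
        if m:
            # Expand $1..$9 in the replacement with the captured groups.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None  # no rule matched: the name is left unmapped


if __name__ == "__main__":
    for label, rules in (("posted rule only", [PAGE_RULE]),
                         ("posted + no-realm rule", [PAGE_RULE, NO_REALM_RULE])):
        for name in (LOGGED_NAME, REALM_NAME):
            print(f"{label:24} {name:48} -> {apply_authz_regexp(rules, name)}")
```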