Hii List,
I have openldap-2.4.7 configured with openssl which was working fine till date. Now I have installed Cyrus-SASL-2.2.21 without any problems. I have rebuilt our openldap-2.4.7 as
[root@as3 libexec]# env LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.6/lib:/usr/loc al/lib/sasl2:/usr/local/ssl/lib" CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include -I/usr/local/ssl/include -I/usr/local/include" LDFLAGS="-L/usr/local/ssl/lib -L /usr/local/BerkeleyDB.4.6/lib -L/usr/local/lib/sasl2 -R/usr/local/lib -R/usr/lo cal/lib/sasl2 -R/usr/local/Berkeley.DB.4.6 -R/usr/local/ssl/lib" LIBS=-ldl ./co nfigure --with-tls=openssl --with-cyrus-sasl
Every thing went fine.
We would like to use SASL/GSSAPI mechanism(we have working kerberos) I have added the following lines to my slapd.conf file:
authz-regexp uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=bsnl,dc=com
I have given a space before uid lines... Is it correct? I have written the lines specified in the admin guide for testing.. { Also anyone please tell me from where can I get more info about authz-regexp directive and the values it can take....}
Now when i start slapd as: slapd -d127 -h "ldaps:///"
ps -ef|grep slapd is showing
root 3912 7442 0 18:40 pts/2 00:00:00 slapd -d127 -h ldaps:/// root 3919 3516 0 18:44 pts/4 00:00:00 grep slapd
and part of debug info regarding slapd start is: daemon: new connection on 12 daemon: added 12r daemon: activity on: daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: activity on: 12r daemon: read activity on 12 connection_get(12) connection_get(12): got connid=1 connection_read(12): checking for input on id=1 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=0
TLS: can't accept. connection_read(12): TLS accept error error=-1 id=1, closing connection_closing: readying conn=1 sd=12 for close connection_close: conn=1 sd=12 daemon: removing 12 daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL
Till date there was no problem with SSL-LDAP combination and it started giving trouble after SASL support was added I have created principal for slapd as specified in the guide. Also created one slapd.conf file for use with saslauthd daemon.It has: pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux mech_list: plain login ntlm kerberos5 ~ ~ I dont know where to start for making the entire combination to work.... Please help me to get this sorted ... I shall be gratefule for every response Thanx in advance...
Regards, Padma. =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
openldap-software@openldap.org