On 17/11/10 11:09 -0400, Fernando Torrez wrote:
I tried the suggested command (thanks Moorthi): ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I with no success. I got this error:
saslauthd -d -V -a ldap -r -O /etc/saslauthd.conf
digest-md5 and saslauthd are incompatible. The cyrus library requires the use of an auxprop store to retrieve the shared secret that the digest-md5 mechanism uses.
You could use the 'plain' or 'login' mechanisms to authenticate against saslauthd, but you'd need to set:
sasl-secprops none
(or some other setting which allows plain authentication)
However, that's a potential security risk unless you have some other network security layer in place.
So I can say that unfortunately there's no communication between SASLAUTHD and LDAP.
Now I will try the suggestion to separate saslauthd and ldapdb (thanks Dieter)
But I'm still wondering if there's a way to make the ldap server and cyrus-sasl work together. Let's be more accurate:
1.- Connect to ldap server through cyrus-sasl (let's say authenticated/authorized proxyuser connected to ldap server)
If you're looking to do digest-md5 authentication directly to slapd, then you'll probably want to look at using the internal slapd auxprop plugin.
See chapter 15 of the OpenLDAP Administrator's Guide for documentation.
2.- Once connected to the ldap server, authenticate/authorize other user (or any object) saved on ldap server using previous connection done in step 1
I'm not sure I understand what you're trying to do in step 2. Are you attempting to authenticate some other service other than slapd?
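The incompatibility discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from the Cyrus SASL or OpenLDAP projects: it audits a Cyrus SASL application config (`pwcheck_method`, `mech_list`) together with the `sasl-secprops` directive in slapd.conf. The file contents are constructed samples, and CRAM-MD5 is included as a generalization beyond the digest-md5 case named above.

```python
import re

# Mechanisms whose verification needs a shared secret from an auxprop store.
# The thread names DIGEST-MD5; CRAM-MD5 is added here as a generalization.
SHARED_SECRET_MECHS = {"DIGEST-MD5", "CRAM-MD5"}
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample inputs (not taken from the thread).
SAMPLE_SASL_CONF = "# slapd SASL config\npwcheck_method: saslauthd\nmech_list: DIGEST-MD5 PLAIN\n"
SAMPLE_SLAPD_CONF = "sasl-secprops none\n"

def parse_sasl_conf(text):
    """Parse Cyrus SASL 'key: value' lines, skipping blanks and comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts

def parse_secprops(slapd_conf):
    """Return the sasl-secprops flags from slapd.conf text, or None if unset."""
    m = re.search(r"^\s*sasl-secprops\s+(\S+)", slapd_conf, re.M | re.I)
    return set(m.group(1).lower().split(",")) if m else None

def audit(sasl_conf, slapd_conf):
    """Return a list of findings for the saslauthd / mechanism combination."""
    findings = []
    opts = parse_sasl_conf(sasl_conf)
    mechs = {m.upper() for m in opts.get("mech_list", "").split()}
    methods = opts.get("pwcheck_method", "").split()
    props = parse_secprops(slapd_conf)  # slapd's default excludes plain mechanisms
    plain_offered = bool(mechs & PLAINTEXT_MECHS)
    if "saslauthd" in methods and "auxprop" not in methods:
        for m in sorted(mechs & SHARED_SECRET_MECHS):
            findings.append(f"{m}: saslauthd cannot verify it; an auxprop store is required")
        if plain_offered and (props is None or "noplain" in props):
            findings.append("PLAIN/LOGIN offered but sasl-secprops still excludes plain mechanisms")
    if plain_offered and props is not None and "noplain" not in props:
        findings.append("plaintext mechanisms allowed: require TLS or another network security layer")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SASL_CONF, SAMPLE_SLAPD_CONF):
        print(finding)
```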