Hi,
I'm using openldap 2.4.19 to set up an ldap server with sasl, but I have some problems.
I followed the instructions in http://www.openldap.org/doc/admin24/sasl.html to do the installation.
1. I install cyrus-sasl-2.1.22 successfully, and use the Cyrus SASL sample_client and sample_server to test my SASL installation before attempting to make use of it with OpenLDAP Software.
2. Then I install openldap with these commands:
# export CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include -I/usr/local/sasl2/include"
# export LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib -L/usr/local/sasl2/lib -L/usr/local/sasl2/lib/sasl2"
# export LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.8/lib"
# ./configure --prefix=/usr/local/openldap --sysconfdir=/etc/openldap --enable-passwd --enable-wrappers --disable-ipv6 --enable-spasswd --enable-crypt --enable-modules --enable-accesslog=yes
# make depend
# make
# make test
# make install
# cp /usr/local/openldap/var/openldap-data/DB_CONFIG.example /usr/local/openldap/var/openldap-data/DB_CONFIG
There is no error during the install.
3. Then I configure the slapd.conf to be like this:
include /usr/local/openldap/schema/core.schema
include /usr/local/openldap/schema/cosine.schema
include /usr/local/openldap/schema/inetorgperson.schema
include /usr/local/openldap/schema/openldap.schema
include /usr/local/openldap/schema/nis.schema
pidfile /usr/local/openldap/slapd.1.pid
argsfile /usr/local/openldap/slapd.1.args
authz-policy to
sasl-regexp "^uid=([^,]+),.*" "uid=$1,cn=bjims31,cn=digest-md5,cn=auth"
database bdb
suffix "dc=example,dc=com"
rootdn "uid=111,cn=digest-md5,cn=auth"
4. Then I use 'saslpasswd2 -c liji1' to add a user and create /usr/lib/sasl2/slapd.conf with content:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login ntlm cram-md5 digest-md5
5. Then I start slapd with the command 'slapd -d 1', and run ldapwhoami with the command 'ldapwhoami -h localhost -U root -Y DIGEST-MD5 -p 389', but it fails with the reason: user not found: no secret in database. The log of slapd is:
slap_listener_activate(7):
slap_listener(ldap:///)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 32 contents:
op tag 0x60, time 1276849696
ber_get_next
conn=1 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (}}) ber:
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: dn () SASL mech DIGEST-MD5
SASL [conn=1] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=180
send_ldap_response: msgid=1 tag=97 err=14
ber_flush2: 233 bytes to sd 12
<== slap_sasl_bind: rc=14
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 296 contents:
op tag 0x60, time 1276849697
ber_get_next
conn=1 op=1 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: dn () SASL mech DIGEST-MD5
SASL [conn=1] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=liji1,cn=DIGEST-MD5,cn=auth
dnNormalize: <uid=liji1,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=liji1,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=liji1,cn=digest-md5,cn=auth to a DN
==> rewrite_context_apply [depth=1] string='uid=liji1,cn=digest-md5,cn=auth'
==> rewrite_rule_apply rule='^uid=([^,]+),.*' string='uid=liji1,cn=digest-md5,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1] res={0,'uid=liji1,cn=bjims31,cn=digest-md5,cn=auth'}
slap_parseURI: parsing uid=liji1,cn=bjims31,cn=digest-md5,cn=auth
ldap_url_parse_ext(uid=liji1,cn=bjims31,cn=digest-md5,cn=auth)
dnNormalize: <uid=liji1,cn=bjims31,cn=digest-md5,cn=auth>
<<< dnNormalize: <uid=liji1,cn=bjims31,cn=digest-md5,cn=auth>
<==slap_sasl2dn: Converted SASL name to uid=liji1,cn=bjims31,cn=digest-md5,cn=auth
slap_sasl_getdn: dn:id converted to uid=liji1,cn=bjims31,cn=digest-md5,cn=auth
SASL [conn=1] Failure: no secret in database
send_ldap_result: conn=1 op=1 p=3
send_ldap_response: msgid=2 tag=97 err=49
ber_flush2: 70 bytes to sd 12
<== slap_sasl_bind: rc=49
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
ber_get_next
ber_get_next on fd 12 failed errno=0 (Success)
connection_close: conn=1 sd=12
What am I doing wrong?
Thanks
liji
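The trace above shows the two things that decide whether a DIGEST-MD5 bind gets past slapd: the SASL authentication DN that slapd derives from the authcid (uid=...,cn=digest-md5,cn=auth), and the sasl-regexp rewrite that maps it to the DN slapd will use for authorization. The script below is an added example, not code from the post or from the OpenLDAP project. It does two things: it applies a sasl-regexp rule the way slapd does (match against the normalized SASL DN, expand $1..$9 from the regex groups) and it pulls the SASL bind story (mechanism, server steps, the converted SASL name, the mapped DN, the failure string and the LDAP result codes) out of a slapd -d 1 trace, so you can confirm that the rule in the slapd.conf you are editing is the one the running server actually applied. The log excerpt is constructed in the style of the trace quoted above; using Python's re for a rule written as a POSIX ERE and str.lower() as a stand-in for dnNormalize are simplifications that hold for this rule but are assumptions in general.

```python
import re

# Constructed excerpt in the style of the "slapd -d 1" trace quoted in the
# post (same bind flow, trimmed to the lines the summary needs).
SAMPLE_LOG = """\
do_bind: dn () SASL mech DIGEST-MD5
SASL [conn=1] Debug: DIGEST-MD5 server step 1
send_ldap_response: msgid=1 tag=97 err=14
do_bind: dn () SASL mech DIGEST-MD5
SASL [conn=1] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=liji1,cn=DIGEST-MD5,cn=auth
<==slap_sasl2dn: Converted SASL name to uid=liji1,cn=bjims31,cn=digest-md5,cn=auth
SASL [conn=1] Failure: no secret in database
send_ldap_response: msgid=2 tag=97 err=49
"""

# LDAP resultCode values that show up in a SASL bind (RFC 4511).
# tag=97 in the trace is the BER tag of a bindResponse.
RESULT_CODES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}


def sasl_regexp_map(sasl_dn, pattern, replacement):
    """Apply one slapd sasl-regexp rule.

    slapd matches the rule against the normalized SASL authentication DN
    (hence the lowercase cn=digest-md5 in the trace) and expands $1..$9 in
    the replacement from the regex groups.  Returns None when the rule does
    not match, which is when slapd would move on to the next rule.
    Assumption: Python's re is close enough to POSIX ERE for rules like this.
    """
    m = re.match(pattern, sasl_dn)
    if not m:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def summarize_bind(log_text):
    """Pull the SASL bind sequence out of a slapd -d 1 trace."""
    summary = {"mech": None, "steps": [], "sasl_name": None,
               "mapped_dn": None, "failure": None, "results": []}
    patterns = [
        ("mech", re.compile(r"do_bind: dn \(.*\) SASL mech (\S+)")),
        ("step", re.compile(r"SASL \[conn=\d+\] Debug: \S+ server step (\d+)")),
        ("sasl_name", re.compile(r"slap_sasl_getdn: u:id converted to (\S+)")),
        ("mapped_dn", re.compile(r"<==slap_sasl2dn: Converted SASL name to (\S+)")),
        ("failure", re.compile(r"SASL \[conn=\d+\] Failure: (.+)")),
        ("result", re.compile(r"send_ldap_response: msgid=\d+ tag=97 err=(\d+)")),
    ]
    for line in log_text.splitlines():
        for key, rx in patterns:
            m = rx.search(line)
            if not m:
                continue
            if key == "step":
                summary["steps"].append(int(m.group(1)))
            elif key == "result":
                code = int(m.group(1))
                summary["results"].append(RESULT_CODES.get(code, str(code)))
            else:
                summary[key] = m.group(1)
    return summary


def check_rule_against_trace(log_text, pattern, replacement):
    """Recompute the mapping from the configured rule and compare it with the
    DN slapd logged.  A mismatch means the server is not running the
    slapd.conf you are reading (or an earlier rule matched first)."""
    s = summarize_bind(log_text)
    # str.lower() stands in for dnNormalize here (assumption; fine for this DN).
    expected = sasl_regexp_map(s["sasl_name"].lower(), pattern, replacement)
    return expected == s["mapped_dn"], expected, s["mapped_dn"]


if __name__ == "__main__":
    for key, value in summarize_bind(SAMPLE_LOG).items():
        print(f"{key:10s} {value}")
    ok, expected, logged = check_rule_against_trace(
        SAMPLE_LOG, r"^uid=([^,]+),.*", "uid=$1,cn=bjims31,cn=digest-md5,cn=auth")
    print("rule matches trace:", ok, "| expected:", expected, "| logged:", logged)
```

Reading the summary for the trace above: the bind reaches server step 2 (so the client and server agreed on DIGEST-MD5 and the challenge went out, which is what err=14 saslBindInProgress on the first round means), the authcid was converted and rewritten exactly as the configured sasl-regexp says, and the failure is reported by the SASL library's credential lookup before slapd consults the database, which is why the second round ends in err=49 invalidCredentials with no search in the backend.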