On 12/17/12 17:28 +0000, Emmanuel Dreyfus wrote:
> On Mon, Dec 17, 2012 at 11:08:11AM -0600, Dan White wrote:
>>> # su -m someone -c 'ldapwhoami -U uid=someone,dc=example,dc=net -Y PLAIN -H ldaps://ldap.example.net'
>> That command doesn't make sense. '-U uid=someone,dc=example,dc=net' should be '-U someone' instead,
> I tried that and got the same result.
>> and you should create new authz-regexp rules to map a sasl PLAIN identity of 'someone' to uid=someone,dc=example,dc=net.
> I did this. With debug acl level, I can see that the uid=someone,dc=example,dc=net is tried for auth, but it fails.

What SASL errors do you see? Check your syslog (auth facility).

Verify that your password, stored within userPassword, is in plain text (when uudecoded). I do not recommend attempting to use 'pwcheck_method: auxprop-hashed' with the slapd auxprop.

If not, you could inject saslauthd (with ldap backend) into the mix to support hashed password storage for SASL PLAIN and LOGIN binds. However, DIGEST-MD5 will not work with saslauthd.
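The two checks raised in this thread (does the authz-regexp actually map the SASL PLAIN identity to the intended DN, and is userPassword stored in clear text for the slapd auxprop plugin) can be reproduced offline. The following is an added example, not code from the thread or from OpenLDAP: it parses a small constructed LDIF export, reports the storage scheme of each userPassword, and applies a constructed authz-regexp rule the way slapd does, building the identity as uid=<authcid>,cn=<mech>,cn=auth and rewriting it with the first matching rule. The sample entries, the rule and the DNs are assumptions modelled on the dc=example,dc=net tree used in the thread.

```python
import base64
import re

# Constructed sample LDIF (not from the thread): one entry with a hashed
# {SSHA} userPassword and one stored in clear text.  ldapsearch/slapcat
# base64-encode userPassword and mark the attribute with "::".
SAMPLE_LDIF = (
    "dn: uid=someone,dc=example,dc=net\n"
    "uid: someone\n"
    "userPassword:: " + base64.b64encode(b"{SSHA}constructed-hash-value").decode() + "\n"
    "\n"
    "dn: uid=other,dc=example,dc=net\n"
    "uid: other\n"
    "userPassword:: " + base64.b64encode(b"cleartext-secret").decode() + "\n"
)


def parse_ldif(text):
    """Parse a minimal LDIF export into a list of {attr: [bytes, ...]} entries.

    Handles '::' (base64) values and folded continuation lines (leading space).
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # unfold continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if not line.strip():                   # blank line ends an entry
            if current is not None:
                entries.append(current)
            current = None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>"
            data = base64.b64decode(value[1:].strip())
        else:                                  # "attr: <value>"
            data = value.strip().encode()
        if current is None:
            current = {}
        current.setdefault(name, []).append(data)
    if current is not None:
        entries.append(current)
    return entries


SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}")


def password_storage(value):
    """Return 'cleartext' for a bare value, else the RFC 2307 scheme name ({SSHA} -> 'SSHA')."""
    m = SCHEME_RE.match(value)
    return m.group(1).decode().upper() if m else "cleartext"


def check_sasl_plain_readiness(ldif_text):
    """Map each DN to the storage scheme(s) of its userPassword values.

    The slapd auxprop plugin hands the stored value to the SASL library for
    comparison, so only entries reported as 'cleartext' will pass a PLAIN bind.
    """
    report = {}
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0].decode()
        report[dn] = [password_storage(v) for v in entry.get("userPassword", [])]
    return report


# Constructed authz-regexp rule (assumption, modelled on the thread's DIT):
#   authz-regexp "^uid=([^,]+),cn=[^,]+,cn=auth$" "uid=$1,dc=example,dc=net"
# "$1" is slapd's back-reference syntax; Python's re uses \1, so the
# replacement is expanded by hand below.
AUTHZ_REGEXP = (r"^uid=([^,]+),cn=[^,]+,cn=auth$", "uid=$1,dc=example,dc=net")


def sasl_identity(authcid, mech):
    """Identity slapd forms from the SASL authentication id and mechanism (no realm)."""
    return f"uid={authcid},cn={mech.lower()},cn=auth"


def map_sasl_identity(identity, rules=(AUTHZ_REGEXP,)):
    """Apply authz-regexp rules like slapd: first match wins; no match leaves it unmapped."""
    for pattern, replacement in rules:
        m = re.match(pattern, identity)
        if m:
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), replacement)
    return identity


if __name__ == "__main__":
    for dn, schemes in check_sasl_plain_readiness(SAMPLE_LDIF).items():
        print(f"{dn}: userPassword stored as {schemes}")
    # '-U someone' maps to the entry; '-U uid=someone,dc=example,dc=net' does not.
    for authcid in ("someone", "uid=someone,dc=example,dc=net"):
        ident = sasl_identity(authcid, "PLAIN")
        print(f"{ident} -> {map_sasl_identity(ident)}")
```

Running the script shows why the thread's original `-U uid=someone,dc=example,dc=net` form cannot work: the full DN is embedded inside the cn=auth identity, the rule's `[^,]+` group stops at the first comma, and the identity stays unmapped; `-U someone` rewrites cleanly to the entry's DN. The readiness report flags the hashed entry, which is the condition the reply asks to verify before trying saslauthd.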