On 21/06/10 09:52 +0800, LI Ji D wrote:
- Then I configure the slapd.conf to be like this:
authz-policy to
sasl-regexp "^uid=([^,]+),.*" "uid=$1,cn=bjims31,cn=digest-md5,cn=auth"
database bdb
suffix "dc=example,dc=com"
rootdn "uid=111,cn=digest-md5,cn=auth"
Then I use 'saslpasswd2 -c liji1' to add a user and create /usr/lib/sasl2/slapd.conf with content:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login ntlm cram-md5 digest-md5
Then I start slapd with the command 'slapd -d 1', and run ldapwhoami with the command 'ldapwhoami -h localhost -U root -Y DIGEST-MD5 -p 389', but it fails with the reason: user not found: no secret in database. The log of slapd is:
slap_sasl_getdn: u:id converted to uid=liji1,cn=DIGEST-MD5,cn=auth
dnNormalize: <uid=liji1,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=liji1,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=liji1,cn=digest-md5,cn=auth to a DN
slap_sasl_getdn: dn:id converted to uid=liji1,cn=bjims31,cn=digest-md5,cn=auth
SASL [conn=1] Failure: no secret in database
It's not clear which user credentials are being retrieved from sasldb. Is it uid=liji1,cn=digest-md5,cn=auth or liji1?
You could increase your Cyrus debugging to get more information out of syslog. Add an:
auth.debug...
to your syslog configuration, and add this to your /usr/lib/sasl2/slapd.conf:
log_level: 7