Re: PROBLEM: can't use SASL to authentication openldap client

"LI Ji D" Ji.d.Li@alcatel-lucent.com writes:

Hi, This is my comprehension:

1. The client is connecting to SLAPD requesting an SASL bind.
2. SLAPD uses the SASL subsystem (which checks the /usr/lib/sasl/slapd.conf file for settings) to tell the client how to authenticate. In this case, it tells the client to use DIGEST-MD5.
3. The client sends the authentication information to SLAPD.
4. SLAPD performs the translation specified in authz-regexp.
5. SLAPD then checks the client's response (using the SASL subsystem) against the information in /etc/sasldb2.
6. When the client authentication succeeds, OpenLDAP runs the search and returns the results to the client.

So SLAPD just compares the password received form client and the one stored in sasldb2, how could it relate to the one stored in ldap like "userPassword: {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ= " ?

Sorry, my bad. I forgot that you use sasldb as an external authentication source. My remarks where based on an internal sasl authentication. Try to raise the debug level in sasl/slapd.conf, something like 'loglevel: 7'. If you use syslog, allow sasl to log to auth.

-Dieter