On 05/08/10 16:35 +0800, LI Ji D wrote:
Hi, Klünter
Now I can use sasl to authenticate, but openldap seems to be using the password attribute stored in the user in openldap to do the sasl. I expect openldap to use sasldb as an external source to do the authentication.
- My slapd.conf is below:
include /usr/local/openldap/schema/core.schema
include /usr/local/openldap/schema/cosine.schema
include /usr/local/openldap/schema/inetorgperson.schema
include /usr/local/openldap/schema/openldap.schema
include /usr/local/openldap/schema/nis.schema
pidfile /usr/local/openldap/slapd.1.pid
argsfile /usr/local/openldap/slapd.1.args
password-hash {CLEARTEXT}
authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth ldap:///ou=people,dc=example,dc=com??one?(cn=$1)
binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self
database bdb
suffix "ou=people,dc=example,dc=com"
rootdn "cn=admin,ou=people,dc=example,dc=com"
- and also I create slapd.conf in /usr/local/sasl2/lib/sasl2/slapd.conf
content is:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: digest-md5
You may have hit the same issue that Brent did. Most likely you will need to create this file within /usr/lib/sasl2 or /etc/sasl2 instead.
Alternatively, you can set the environment variable SASL_CONF_PATH to instruct the sasl glue library where to search for config files. See the man page for sasl_getconfpath_t for details.
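Added example, not part of the original message: a shell helper that reports which slapd.conf the SASL library would pick up and whether it selects sasldb through auxprop. It assumes the search path is SASL_CONF_PATH when set and otherwise the two directories named in the reply; the function names are hypothetical.

```shell
# Assumption: default search directories are the two named in the reply above.
DEFAULT_SASL_DIRS="/usr/lib/sasl2:/etc/sasl2"

# Print the first <dir>/<app>.conf found on the colon-separated search path.
# $1 = application name (e.g. slapd), $2 = optional path overriding the default.
find_sasl_conf() {
    app=$1
    path=${2:-${SASL_CONF_PATH:-$DEFAULT_SASL_DIRS}}
    old_ifs=$IFS
    IFS=:
    for dir in $path; do
        if [ -r "$dir/$app.conf" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$app.conf"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Print the value of one "key: value" option ($2) from a SASL config file ($1).
# If the key appears more than once, the last occurrence is reported.
sasl_option() {
    sed -n "/^[[:space:]]*$2:/{s/^[^:]*:[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# Succeed only if a config is found and it selects sasldb via auxprop,
# matching the settings quoted in the post.
check_sasldb_conf() {
    conf=$(find_sasl_conf "$1" "$2") || {
        echo "no $1.conf on the SASL search path"
        return 1
    }
    method=$(sasl_option "$conf" pwcheck_method)
    plugin=$(sasl_option "$conf" auxprop_plugin)
    echo "$conf: pwcheck_method=$method auxprop_plugin=$plugin"
    [ "$method" = auxprop ] && [ "$plugin" = sasldb ]
}

# Usage: check_sasldb_conf slapd
#        SASL_CONF_PATH=/usr/local/sasl2/lib/sasl2 check_sasldb_conf slapd
```

A "no slapd.conf" result for the default path, followed by success once SASL_CONF_PATH points at the directory from the post, indicates the file sits somewhere the library does not search by default.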