On 02/03/12 16:12 +0530, Gaurav Gugnani wrote:
Hello All,
I've installed the cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64.rpm package.
*Logs:*
/root>pluginviewer
Installed SASL (server side) mechanisms are:
*CRAM-MD5 ANONYMOUS DIGEST-MD5 PLAIN LOGIN EXTERNAL*
......
/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x -b "" -s base -LLL supportedSASLMechanisms
dn:
*supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5*
and again started with SASL process (tried several times) but every time... got an error:
*Steps I followed:*
1> saslpasswd2 -c sasluser3
2> sasldblistusers2
These two steps are not necessary.
3> Stop LDAP
4> edit slapd.conf and add following lines:
password-hash {CLEARTEXT}
sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
5> Start LDAP
6> Add account from ldif: add_sasl_accnt3.ldif
# TEST Account for SASL:
dn: uid=sasluser3,ou=System,o=xyz
uid: sasluser3
ou: System
description: Special account for SASL Testing
userPassword: sasluser3
objectClass: account
objectClass: simpleSecurityObject
7> ldapadd -x -D cn=Manager,o=xyz -W -f add_sasl_accnt3.ldif
8> *ldapsearch -Y DIGEST-MD5 -U sasluser3 -b 'o=xyz'*
Or
*ldapsearch -U sasluser5 -b 'o=xyz'*
But every time got error as:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
This is an error indicating that the user entry within ldap could not be found, and two possible reasons are you do not have ACLs configured properly, or your sasl-regexp is misconfigured.
Depending on the version of slapd, 'sasl-regexp' should instead be 'authz-regexp'. It appears from the output below that you are using version 2.4.26, so you should be using 'authz-regexp'.
For documentation on configuring them, reference the OpenLDAP 2.4 Admin Guide.
For troubleshooting ACL misconfigurations, try running slapd in debug mode, or increase your logging.
On Thu, Feb 2, 2012 at 11:13 PM, Gaurav Gugnani gugnanigaurav@gmail.com wrote:
Hello,
Thanks for helping me out. Yes, the package is missing.
The O/P of plugin viewer:
/u01/app/openldap/product/2.4.26/etc/openldap>pluginviewer
Installed SASL (server side) mechanisms are:
ANONYMOUS PLAIN LOGIN EXTERNAL
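An added illustration (not code from this thread or from OpenLDAP) of how the regexp rule in step 4 rewrites a SASL authentication DN into a directory DN, and how an optional realm component in that DN changes which entry is looked up. The realm value, the tighter second pattern and the function names are assumptions, and Python's re module stands in for slapd's regex matching.

```python
import re

# Mapping rules as (pattern, replacement). PAGE_RULE is the rule from step 4;
# TIGHT_RULE is a hypothetical variant that tolerates an optional realm RDN.
PAGE_RULE = (r"uid=(.*),cn=DIGEST-MD5,cn=auth", "uid=$1,ou=System,o=xyz")
TIGHT_RULE = (r"uid=([^,]+)(,cn=[^,]+)?,cn=DIGEST-MD5,cn=auth",
              "uid=$1,ou=System,o=xyz")

# Constructed directory content: the single test entry added in step 6.
ENTRIES = {"uid=sasluser3,ou=system,o=xyz"}


def sasl_authc_dn(user, mech, realm=None):
    """Build the DN slapd derives from a SASL bind, with or without a realm."""
    realm_rdn = f"cn={realm}," if realm else ""
    return f"uid={user},{realm_rdn}cn={mech},cn=auth"


def map_dn(authc_dn, rules):
    """Return the replacement of the first matching rule, or None if none match."""
    for pattern, replacement in rules:
        # Assumption: matching is case-insensitive and unanchored.
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "",
                          replacement)
    return None


def resolves(user, rules, realm=None, mech="DIGEST-MD5"):
    """Map a bind identity and report (mapped DN, whether that entry exists)."""
    mapped = map_dn(sasl_authc_dn(user, mech, realm), rules)
    return mapped, mapped is not None and mapped.lower() in ENTRIES


if __name__ == "__main__":
    for realm in (None, "example.com"):  # constructed realm value
        for name, rule in (("page rule", PAGE_RULE), ("tight rule", TIGHT_RULE)):
            print(realm, name, resolves("sasluser3", [rule], realm))
```
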