Hi,
My problem is that I expect slapd to authenticate with the password stored in sasldb. But it does not; it uses the password stored in the userpassword attribute of this user, which is an item of openldap. So I want to know how slapd can use the password stored in sasldb to do the SASL authentication.
Thanks
-----Original Message-----
From: openldap-technical-bounces@openldap.org [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Dieter Kluenter
Sent: Monday, August 09, 2010 4:48 PM
To: openldap-technical@openldap.org
Subject: Re: PROBLEM: can't use SASL to authentication openldap client
Hi,
"LI Ji D" Ji.d.Li@alcatel-lucent.com writes:
Hi,
- I add an: auth.debug... to my syslog configuration, and add this to my /usr/lib/sasl2/slapd.conf: log_level: 7
So slapd.conf is:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: digest-md5
log_level: 7
and syslog.conf is:
*.debug;mail.none;;cron.none /var/log/messages
auth.debug /var/log/secure
- then I do /usr/local/openldap/bin/ldapsearch -U admin -b ou=people,dc=example,dc=com
Log in /var/log/secure is:
Aug 9 14:53:54 bjims31 last message repeated 2 times
Aug 9 14:54:04 bjims31 last message repeated 3 times
Aug 9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 3
And log in /var/log/messages is:
Aug 9 14:53:56 bjims31 slapd[28549]: conn=1 fd=12 closed (connection lost)
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH attr=supportedSASLMechanisms
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 fd=12 ACCEPT from IP=127.0.0.1:46747 (IP=0.0.0.0:389)
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 BIND dn="" method=163
Aug 9 14:54:02 bjims31 ldapsearch: DIGEST-MD5 client step 2
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
Aug 9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 2
Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="" method=163
Aug 9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (objectClass) not indexed
Aug 9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (cn) not indexed
Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND authcid="admin" authzid="admin"
Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="cn=admin,ou=people,dc=example,dc=com" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
This is a successful bind, what is your problem here?
-Dieter
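
Added example, not part of the original thread: a small Python reader for slapd stats lines like the ones quoted above, showing why this log reads as a successful bind. err=14 on the first bind response is saslBindInProgress (the DIGEST-MD5 challenge step), and the later BIND line carrying dn= and mech= records the identity that was bound. The function name and the returned field names are this example's own.

```python
import re

# slapd lines copied from the /var/log/messages excerpt in the message above.
SAMPLE_LOG = '''\
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 BIND dn="" method=163
Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="" method=163
Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND authcid="admin" authzid="admin"
Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="cn=admin,ou=people,dc=example,dc=com" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
'''

LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=\d+ (BIND|RESULT) (.*)$')
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
SASL_METHOD = "163"    # bind choice 0xa3 = SASL (a simple bind logs method=128)
IN_PROGRESS = 14       # LDAP result code saslBindInProgress, not an error


def summarize_sasl_binds(log_text):
    """Map conn id -> what the slapd stats log says about its SASL bind."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ldapsearch, bdb and other lines carry no bind state
        fields = {k: q or u for k, q, u in PAIR.findall(m.group(3))}
        st = conns.setdefault(int(m.group(1)), {
            "steps": 0, "authcid": None, "dn": None, "mech": None,
            "ssf": None, "failed_err": None})
        if m.group(2) == "BIND":
            if fields.get("method") == SASL_METHOD:
                st["steps"] += 1                    # one client step of the exchange
            if "authcid" in fields:
                st["authcid"] = fields["authcid"]   # SASL username sent by the client
            if "mech" in fields:                    # this line marks a completed bind
                st["dn"], st["mech"] = fields["dn"], fields["mech"]
                st["ssf"] = int(fields["ssf"])
        elif fields.get("tag") == "97":             # 97 = bind response
            err = int(fields["err"])
            if err not in (0, IN_PROGRESS):
                st["failed_err"] = err              # e.g. 49 = invalidCredentials
    return conns


if __name__ == "__main__":
    for conn, state in summarize_sasl_binds(SAMPLE_LOG).items():
        print(conn, state)
```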