Hi, 1. I add an: auth.debug... to my syslog configuration, and add this to my /usr/lib/sasl2/slapd.conf: log_level: 7 So slapd.conf is : pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: digest-md5 log_level: 7 and syslog.conf is : *.debug;mail.none;;cron.none /var/log/messages auth.debug /var/log/secure
2. then I do /usr/local/openldap/bin/ldapsearch -U admin -b ou=people,dc=example,dc=com Log in /var/log/secure is: Aug 9 14:53:54 bjims31 last message repeated 2 times Aug 9 14:54:04 bjims31 last message repeated 3 times Aug 9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 3
And log in /var/log/messages is: Aug 9 14:53:56 bjims31 slapd[28549]: conn=1 fd=12 closed (connection lost) Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SRCH attr=supportedSASLMechanisms Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 fd=12 ACCEPT from IP=127.0.0.1:46747 (IP=0.0.0.0:389) Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 BIND dn="" method=163 Aug 9 14:54:02 bjims31 ldapsearch: DIGEST-MD5 client step 2 Aug 9 14:54:02 bjims31 slapd[28549]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: Aug 9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 2 Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="" method=163 Aug 9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (objectClass) not indexed Aug 9 14:54:04 bjims31 slapd[28549]: <= bdb_equality_candidates: (cn) not indexed Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND authcid="admin" authzid="admin" Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 BIND dn="cn=admin,ou=people,dc=example,dc=com" mech=DIGEST-MD5 sasl_ssf=128 ssf=128 Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=2 RESULT tag=97 err=0 text= Aug 9 14:54:04 bjims31 ldapsearch: DIGEST-MD5 client step 3 Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=3 SRCH base="ou=people,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)" Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=3 SEARCH RESULT tag=101 err=0 nentries=2 text= Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 op=4 UNBIND Aug 9 14:54:04 bjims31 slapd[28549]: conn=2 fd=12 closed
-----Original Message----- From: openldap-technical-bounces@openldap.org [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Dieter Kluenter Sent: Friday, August 06, 2010 6:37 PM To: openldap-technical@openldap.org Subject: Re: PROBLEM: can't use SASL to authentication openldap client
"LI Ji D" Ji.d.Li@alcatel-lucent.com writes:
Hi, Klünter Now I can use sasl to authenticate, but openldap seems using the password attribute stored in user in openldap to do the sasl. I expect openldap to use sasldb as an external source to do the authentication.
enable debugging of the sasl library. Set debug 7 in sasl2/slapd.conf and enable syslog to log auth.
-Dieter