"LI Ji D" Ji.d.Li@alcatel-lucent.com writes:
Hi, Klünter Now I can use sasl to authenticate, but openldap seems using the password attribute stored in user in openldap to do the sasl. I expect openldap to use sasldb as an external source to do the authentication.
- My slapd.conf is below: include
/usr/local/openldap/schema/core.schema include /usr/local/openldap/schema/cosine.schema include /usr/local/openldap/schema/inetorgperson.schema include /usr/local/openldap/schema/openldap.schema include /usr/local/openldap/schema/nis.schema pidfile /usr/local/openldap/slapd.1.pid argsfile /usr/local/openldap/slapd.1.args password-hash {CLEARTEXT} authz-regexp uid=(.*),cn=DIGEST-MD5,cn=auth ldap:///ou=people,dc=example,dc=com??one?(cn=$1) binddn="uid=proxy,ou=People,dc=example,dc=com" credentials=proxy mode=self
database bdb suffix "ou=people,dc=example,dc=com" rootdn "cn=admin,ou=people,dc=example,dc=com"
- and also I create slapd.conf in
/usr/local/sasl2/lib/sasl2/slapd.conf content is : pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: digest-md5
- I use saslpasswd2 to create use and password.
Can you help to check this?
Two questions: 1. has slapd been compiled with spasswd? The default setting is no. 2. has the identity that runs slapd read access to sasldb? On most systems slapd runs as user ldap and sasldb is owned by root.
-Dieter