Hello All,
Thks for helping me out, however i'm still stuck in middle of it and the issue has not yet resolved.
Error:
/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -Y DIGEST-MD5 -U sasluser7 -b 'o=xyz'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
I checked for ACL and also now i'm using authz with following lines:
authz-regexp uid=([^,]*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
access to attrs="userpassword"
by self write
by anonymous auth
by dn="uid=sasluser7,ou=System,o=xyz" read
access to dn.base="o=xyz"
by dn="uid=sasluser7,ou=System,o=xyz" read
by users read
access to dn.subtree="ou=Subscribers,o=xyz"
by dn="uid=sasluser7,ou=System,o=xyz" read
access to *
by self write
by dn="uid=sasluser7,ou=System,o=xyz" read
I hope it is fine.
Moreover, we can say that the user is created:
/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x -W -D 'cn=manager,o=xyz' -b 'uid=sasluser7,ou=System,o=xyz'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=sasluser7,ou=System,o=xyz> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# sasluser7, System, xyz
dn: uid=sasluser7,ou=System,o=xyz
uid: sasluser7
ou: System
description: Special account for SASL Testing
userPassword:: c2FzbVHzZXI3
objectClass: account
objectClass: simpleSecurityObject
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Also, i would like to highlight one thing:
That when i check for sasl dblist users - it thorws me an error. Can that be an issue point?
/u01/app/openldap/product/2.4.26/etc/openldap>sasldblistusers
-bash: sasldblistusers: command not found
Please help me out in moving forward. Thks a lot for your support.
Regards,
Gaurav Gugnani
On 02/03/12 16:12 +0530, Gaurav Gugnani wrote:
Hello All,
I've installed the cyrus-sasl-md5-2.1.22-5.el5_4.3.x86_64.rpm package.*Logs:*
*CRAM-MD5 ANONYMOUS DIGEST-MD5 PLAIN LOGIN EXTERNAL*
/root>pluginviewer
Installed SASL (server side) mechanisms are:
......
***supportedSASLMechanisms: CRAM-MD5
/u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x -b "" -s base
-LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5***Steps i followed:*
*
and again started with SASL process (tried several times) but everytime...
got an error:
1> saslpasswd2 -c sasluser3
2> sasldblistusers2
These two steps are not necessary.
3> Stop LDAP8> *ldapsearch -Y DIGEST-MD5 -U sasluser3 -b 'o=xyz'*
4> edit slapd.conf and add following lines:
password-hash {CLEARTEXT}
sasl-regexp uid=(.*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
5> Start LDAP
6> Add account from ldif:
add_sasl_accnt3.ldif
----------------------------
# TEST Account for SASL:
dn: uid=sasluser3,ou=System,o=xyz
uid: sasluser3
ou: System
description: Special account for SASL Testing
userPassword: sasluser3
objectClass: account
objectClass: simpleSecurityObject
7> ldapadd -x -D cn=Manager,o=xyz -W -f add_sasl_accnt3.ldif
Or
*ldapsearch -U sasluser5 -b 'o=xyz'*
But evrytime got error as:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
This is an error indicating that the user entry within ldap could not be
found, and two possible reasons are you do not have ACLs configured
properly, or your sasl-regexp is misconfigured.
Depending on the version of slapd, 'sasl-regexp' should instead be
'authz-regexp'. It appears from the output below that you are using version
2.4.26, so you should using 'authz-regexp'.
For documentation on configuring them, reference the OpenLDAP 2.4 Admin
Guide.
For trouble shooting ACL misconfigurations, try running slapd in debug
mode, or increase your logging.--
On Thu, Feb 2, 2012 at 11:13 PM, Gaurav Gugnani <gugnanigaurav@gmail.com>wrote:
Hello,
Thks for helping me out. Yes, the package is missing.
The O/P of plugin viewer:
/u01/app/openldap/product/2.4.26/etc/openldap>pluginviewer
Installed SASL (server side) mechanisms are:
ANONYMOUS PLAIN LOGIN EXTERNAL
Dan White