Hello Michael,
Yes, sasl-md5 works with clear passwords; that is why, to me, the password of syncuser is defined in the sasl2db database.
In my ldap configuration, I have only the following line:
OlcAuthzRegexp: {0} "uid=syncuser,cn=DIGEST-MD5,cn=auth" "cn=syncuser,dc=xxx,dc=fr"
In my ldap database I thus have no entry "cn=syncuser,dc=xxx,dc=fr" defined.
My ldapsearch command:
# ldapsearch -Y DIGEST-MD5 -U syncuser -h localhost
reads that rule: OlcAuthzRegexp {0} for the user "uid=syncuser,cn=DIGEST-MD5,cn=auth" translates into the ldap entry "cn=syncuser,cn=xxx,cn=fr".
Then it compares the password first against the sasl2db database, then against the ldap database. In my case, the password being in the sasldb database, it should find a match, no?
Is that correct so far?
Best regards,
chataigne
2011/10/29 Michael Ströder <michael@stroeder.com>
bea chataigne wrote:
# ldapsearch -Y DIGEST-MD5 -U syncuser
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional information: SASL(13): user not found: no secret in database
Does attribute userPassword of entry cn=syncuser,dc=xxx,dc=fr have a clear-text value? SASL DIGEST-MD5 does not work with hashed passwords.
Ciao, Michael.
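Why DIGEST-MD5 cannot work against a hashed userPassword, as an added example that is not part of the original thread: the response defined in RFC 2831 is derived from MD5(user:realm:password), so a server holding only an {SSHA} value cannot recompute it. The realm, nonces, digest-uri and password below are constructed values, and `server_verifies` is a hypothetical helper, not OpenLDAP or Cyrus SASL code.

```python
import base64
import hashlib
import hmac
import os


def digest_md5_response(user, realm, secret, nonce, cnonce, nc, digest_uri, qop="auth"):
    """Response value for qop=auth, per RFC 2831 section 2.1.2.1."""
    # A1 starts with the raw MD5 of user:realm:password, so the clear text is required.
    a1 = hashlib.md5(f"{user}:{realm}:{secret}".encode()).digest()
    a1 += f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()


def ssha(password, salt):
    """{SSHA} value as stored in userPassword: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def server_verifies(stored_value, client_response, **params):
    """Hypothetical server check: recompute the response from the stored value only."""
    expected = digest_md5_response(secret=stored_value, **params)
    return hmac.compare_digest(expected, client_response)


# Constructed exchange values (assumptions, not taken from the thread).
PARAMS = dict(user="syncuser", realm="example.test", nonce="c2VydmVyLW5vbmNl",
              cnonce="Y2xpZW50LW5vbmNl", nc="00000001", digest_uri="ldap/localhost")
PASSWORD = "constructed-password"

if __name__ == "__main__":
    response = digest_md5_response(secret=PASSWORD, **PARAMS)
    # Server stores the clear-text secret: it can recompute the same response.
    print("clear text stored:", server_verifies(PASSWORD, response, **PARAMS))
    # Server stores only a salted hash: the clear text is not recoverable, bind fails.
    hashed = ssha(PASSWORD, os.urandom(4))
    print("{SSHA} stored:    ", server_verifies(hashed, response, **PARAMS))
```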