Hi Michael,

Surprisingly, I had to remove the cn=synamatixdev.com in the authz-regexp statement below; only then could it match and look for the admin id I created with saslpasswd -c:
authz-regexp uid=(.*),cn=digest-md5,cn=auth cn=Manager,dc=synamatixdev,dc=com
However, when I tried to add my users using LDIF format, I encountered some problems.
First, it's the schema issue. When I included the inetorgperson schema, it kept on throwing messages about certain audio, homePhone objectClass structural objects not existing. So, I removed all those objects LDAP complained about and I managed to start my slapd.
After that, when I tried to add my user with the LDIF format as below:
dn: ou=people,dc=synamatixdev,dc=com
ou: people
objectClass: organizationalunit
objectClass: inetorgperson

dn: uid=user1,ou=people,dc=synamatixdev,dc=com
uid: user1
cn: Mary
cn: Mary Terry
objectClass: inetorgperson
objectClass: account
objectClass: top
objectClass: shadowAccount
sn: Terry
userPassword: user123
I received the error message below when I tried to add with slapadd:

str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)

I am not very sure about the objectClass allowed for OpenLDAP 2.3.27. Why does it say there's an invalid value for attributeType? Please help, thanks!
2009/8/6 Michael Ströder michael@stroeder.com
Seau Yeen Su wrote:
I have successfully installed cyrus-sasl-2.1.23 and openldap-2.3.27 plus BerkeleyDB.4.3 in my RHEL5.2 server. After the installation, I used saslpasswd2 -c to create an admin user:
saslpasswd2 -c admin
Do you actually have an entry with (uid=admin) in your LDAP server?
After that, I thought of doing a search on the database with the command:

ldapsearch -H ldap:///localhost -Y DIGEST-MD5 -d 2 -U admin

but it returned an error of:

ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
When I did a check on /etc/, the sasldb2 file is there. I do not know and understand why it cannot find this user. Did I miss out anything? Below is an excerpt from my slapd.conf file:
password-hash {CLEARTEXT}
authz-regexp uid=(.*),cn=synabase-dev5.synamatixdev.com,cn=DIGEST-MD5,cn=auth ldap:///dc=synamatixdev,dc=com??sub?uid=$1
authz-regexp uid=(.*),cn=synabase-dev5.synamatixdev.com,cn=DIGEST-MD5,cn=auth uid=$1
You don't need /etc/sasldb2 if you want to use authz-regexp. Simply create an LDAP entry below your search root dc=synamatixdev,dc=com with attribute uid set to admin and userPassword set in clear-text.
Ciao, Michael.
-- Michael Ströder E-Mail: michael@stroeder.com http://www.stroeder.com
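
Added example, not part of the thread and not OpenLDAP's own code: a simplified Python model of the authz-regexp mapping step discussed above. It shows that the rule containing the realm component does not match a DIGEST-MD5 identity sent without a realm, and that the rule with the fixed cn=Manager replacement maps every SASL user to the same DN. The function names, the assumed matching semantics (ordered, case-insensitive, unanchored, first match wins) and the per-user rule under ou=people are assumptions of this example.

```python
import re

def sasl_authn_dn(user, mech, realm=None):
    """Build the SASL authentication DN slapd hands to authz-regexp."""
    parts = ["uid=" + user]
    if realm:  # the cn=<realm> component is present only when a realm is sent
        parts.append("cn=" + realm)
    return ",".join(parts + ["cn=" + mech.lower(), "cn=auth"])

def map_authn_dn(authn_dn, rules):
    """Assumed semantics: rules tried in order, case-insensitive, unanchored;
    the first matching rule wins and $1..$9 are filled from its groups."""
    for pattern, replacement in rules:
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if m:
            def fill(ref):
                n = int(ref.group(1))
                return (m.group(n) or "") if n <= m.re.groups else ""
            return re.sub(r"\$(\d)", fill, replacement)
    return None  # no rule matched: the identity stays the raw SASL DN

# Rule from the slapd.conf excerpt in the thread (with the realm component).
RULE_WITH_REALM = (
    r"uid=(.*),cn=synabase-dev5.synamatixdev.com,cn=DIGEST-MD5,cn=auth",
    "ldap:///dc=synamatixdev,dc=com??sub?uid=$1")
# Rule the poster ended up with: fixed replacement, $1 is never used.
RULE_MANAGER = (r"uid=(.*),cn=digest-md5,cn=auth",
                "cn=Manager,dc=synamatixdev,dc=com")
# Constructed alternative (not from the thread): one entry per SASL user.
RULE_PER_USER = (r"^uid=([^,]+),cn=digest-md5,cn=auth$",
                 "uid=$1,ou=people,dc=synamatixdev,dc=com")

def report(users=("admin", "user1")):
    rows = []
    for name, rule in (("with-realm", RULE_WITH_REALM),
                       ("manager", RULE_MANAGER),
                       ("per-user", RULE_PER_USER)):
        for user in users:
            dn = sasl_authn_dn(user, "DIGEST-MD5")  # no realm sent (assumed)
            rows.append((name, user, map_authn_dn(dn, [rule])))
    return rows

if __name__ == "__main__":
    for name, user, mapped in report():
        print(f"{name:10} {user:6} -> {mapped}")
```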