Hi,
I have a black box windows app that I was able to get working with SASL authentication. I am now doing some additional testing so I want to get the SASL auth working from ldapsearch for testing, but am not able to. My details are:
Running openldap 2.4.23 on debian.
slapd.conf SASL section is:
password-hash {CLEARTEXT}
sasl-host ldap.nsd.org
sasl-realm OL.NSD.ORG
authz-regexp uid=(.*),cn=OL.NSD.ORG,cn=digest-md5,cn=auth uid=$1,ou=people,dc=nsd,dc=org
authz-regexp uid=(.*),cn=digest-md5,cn=auth uid=$1,ou=people,dc=nsd,dc=org
When the windows app connects I get in the logs:
1 slap_sasl_getdn: dn:id converted to uid=ckacoroski,ou=people,dc=nsd,dc=org
2 SASL Canonicalize [conn=1003]: slapAuthcDN="uid=ckacoroski,ou=people,dc=nsd,dc=org"
3 => bdb_search
4 bdb_dn2entry("uid=ckacoroski,ou=people,dc=nsd,dc=org")
5 base_candidates: base: "uid=ckacoroski,ou=people,dc=nsd,dc=org" (0x000000ef)
6 slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
7 send_ldap_result: conn=1003 op=2 p=3
8 send_ldap_result: err=0 matched="" text=""
9 SASL Canonicalize [conn=1003]: authzid="ckacoroski"
10 SASL proxy authorize [conn=1003]: authcid="ckacoroski@OL.NSD.ORG" authzid="ckacoroski@OL.NSD.ORG"
11 conn=1003 op=2 BIND authcid="ckacoroski@OL.NSD.ORG" authzid="ckacoroski@OL.NSD.ORG"
When I connect with
ldapsearch -Y DIGEST-MD5 -U ckacoroski -h ldapm '(objectclass=*)'
I get in the logs:
12 slap_sasl_getdn: dn:id converted to uid=ckacoroski,ou=people,dc=nsd,dc=org
13 SASL Canonicalize [conn=1000]: slapAuthcDN="uid=ckacoroski,ou=people,dc=nsd,dc=org"
14 => bdb_search
15 bdb_dn2entry("uid=ckacoroski,ou=people,dc=nsd,dc=org")
16 => bdb_dn2id("ou=people,dc=nsd,dc=org")
17 <= bdb_dn2id: got id=0x2
18 => bdb_dn2id("uid=ckacoroski,ou=people,dc=nsd,dc=org")
19 <= bdb_dn2id: got id=0xef
20 entry_decode: "uid=ckacoroski,ou=People,dc=nsd,dc=org"
21 <= entry_decode(uid=ckacoroski,ou=People,dc=nsd,dc=org)
22 base_candidates: base: "uid=ckacoroski,ou=people,dc=nsd,dc=org" (0x000000ef)
23 bdb_search: 239 does not match filter
24 send_ldap_result: conn=1000 op=1 p=3
25 send_ldap_result: err=0 matched="" text=""
26 SASL Canonicalize [conn=1000]: authzid="ckacoroski"
27 SASL [conn=1000] Failure: no secret in database
It seems to break at lines 23 and 27. I am not sure what is different about how the windows app and ldapsearch use SASL, but something sure is :). So my question is how do I get ldapsearch to work using SASL?
Thanks in advance for your help.
cheers,
ski
openldap-technical@openldap.org
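As an added illustration (not part of ski's post or of OpenLDAP itself), the following Python models how slapd applies the two authz-regexp rules from the slapd.conf above: it builds the SASL authentication DN that slapd forms for a DIGEST-MD5 bind (with and without a realm), tries the rules in file order, stops at the first match, and substitutes $1. Case-insensitive, unanchored matching is assumed, and the reversed-order case shows why the realm-bearing rule must come first: the greedy (.*) in the shorter rule would otherwise swallow ",cn=OL.NSD.ORG" into the uid.

```python
import re

# The two authz-regexp rules from the slapd.conf in the post, in file order.
AUTHZ_REGEXP = [
    (r"uid=(.*),cn=OL.NSD.ORG,cn=digest-md5,cn=auth", "uid=$1,ou=people,dc=nsd,dc=org"),
    (r"uid=(.*),cn=digest-md5,cn=auth", "uid=$1,ou=people,dc=nsd,dc=org"),
]


def sasl_authc_dn(authcid, mech="digest-md5", realm=None):
    """Build the uid=...,cn=<realm>,cn=<mech>,cn=auth form slapd hands to authz-regexp.
    The cn=<realm> component is only present when the client supplied a realm."""
    parts = ["uid=" + authcid]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts)


def map_authc_dn(sasl_dn, rules=AUTHZ_REGEXP):
    """Return the entry DN produced by the first matching rule, or None if none match.
    Matching is unanchored and case-insensitive here (an assumption about slapd)."""
    for pattern, replacement in rules:
        m = re.search(pattern, sasl_dn, re.IGNORECASE)
        if m:
            # Expand $1, $2, ... from the capture groups of the matching rule.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None


def main():
    with_realm = sasl_authc_dn("ckacoroski", realm="OL.NSD.ORG")
    without_realm = sasl_authc_dn("ckacoroski")
    print(with_realm, "->", map_authc_dn(with_realm))
    print(without_realm, "->", map_authc_dn(without_realm))
    # Same input, rules in the wrong order: the greedy group captures the realm too.
    print("reversed ->", map_authc_dn(with_realm, list(reversed(AUTHZ_REGEXP))))


if __name__ == "__main__":
    main()
```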