[KLUG Members] saslauthd and LDAP
Peter Buxton
members@kalamazoolinux.org
Fri, 6 Feb 2004 02:41:45 -0500
On Thu, Feb 05, 2004 at 03:19:14PM -0500, Adam Williams was only escaped
alone to tell thee:

> But ldapsearch uid=peter does find something?

grimace:04:27 PM:~# ldapsearch -LLL -v -H ldapi:/// -x uid=peter
ldap_initialize( ldapi:/// )
filter: uid=peter
requesting: ALL
dn: uid=peter,ou=People,dc=killdevil,dc=org
uid: peter
cn: Peter Buxton
....

I'm not sure why it reads "dn: uid=peter..." That's how the migration
scripts created them, or how the schema told them to create them. Will
that make a difference?

296 ? S 0:00 slapd -h ldap://127.0.0.1/ ldaps:/// ldapi:///
3066 ? S 0:00 saslauthd -a ldap

After some experimentation with ldapsearch (the differences between -D,
-U and -X are a bit obscure) I got a response:

grimace:04:39 PM:~# ldapsearch -LLL -v -H ldapi:/// -D "cn=admin,dc=killdevil,dc=org" -W -x uid=peter
ldap_initialize( ldapi:/// )
Enter LDAP Password:
filter: uid=peter
requesting: ALL
dn: uid=peter,ou=People,dc=killdevil,dc=org
uid: peter
cn: Peter Buxton
....

> > Does testsaslauthd work without an IMAP server installed?
>
> Yes; there is no real correlation between Cyrus IMAP & Cyrus SASL;
> imapd is just the most prominent application to use SASL. You can
> even make OpenLDAP rely on saslauthd to verify bind attempts.

I specified -Y DIGEST-MD5 on the command line and avoided `ldapsearch
-d2` from asking for OTP passwords, but now I get:

ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no secret in database
--
but to live outside the law you
must be honest.... -- bob dylan