[KLUG Members] saslauthd and LDAP
Peter Buxton
members@kalamazoolinux.org
Sat, 7 Feb 2004 02:54:03 -0500
On Thu, Feb 05, 2004 at 03:19:14PM -0500, Adam Williams was only escaped
alone to tell thee:
> Yes; there is no real correlation between Cyrus IMAP & Cyrus SASL;
> imapd is just the most prominent application to use SASL. You can
> even make OpenLDAP rely on saslauthd to verify bind attempts.

Well, since saslauthd won't authenticate against LDAP, that's pretty
meaningless. Does SASL need passwords in sasldb2 before it will work? I
have md5 and clear passwords in my uid=peter dn.

This works without a password:

# ldapsearch -H ldapi:/// -x uid=peter

These don't:

# ldapsearch -U uid=peter -R KILLDEVIL.ORG -H ldapi:/// -Y DIGEST-MD5 uid=peter

# ldapsearch -D uid=peter,ou=People,dc=grimace,dc=killdevil,dc=org -H ldapi:/// \
-Y DIGEST-MD5 uid=peter
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80) additional info: SASL(-13): user not found: no secret in database

# ldapmodify -H ldapi:/// -U "cn=admin,dc=killdevil,dc=org" -W
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80) additional info: SASL(-13): user not found: no secret in database

# ldapsearch -D uid=peter,ou=People,dc=grimace,dc=killdevil,dc=org -H ldapi:/// -x -W uid=peter
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

This works with a password:

# ldapmodify -H ldapi:/// -D "cn=admin,dc=killdevil,dc=org" -W -x

--
War is God's way of teaching Americans geography. -- Ambrose Bierce