[KLUG Members] saslauthd and LDAP

Peter Buxton members@kalamazoolinux.org
Sat, 7 Feb 2004 02:54:03 -0500


On Thu, Feb 05, 2004 at 03:19:14PM -0500, Adam Williams was only escaped
   alone to tell thee:

> Yes;  there is no real correlation between Cyrus IMAP & Cyrus SASL;
> imapd is just the most prominent application to use SASL.  You can
> even make OpenLDAP rely on saslauthd to verify bind attempts.

Well, since saslauthd won't authenticate against LDAP, that's pretty
meaningless. Does SASL need passwords in sasldb2 before it will work? I
have md5 and clear passwords in my uid=peter dn.

This works without a password:

# ldapsearch -H ldapi:/// -x uid=peter

These don't:

# ldapsearch -U uid=peter -R KILLDEVIL.ORG -H ldapi:/// -Y DIGEST-MD5 uid=peter

# ldapsearch -D uid=peter,ou=People,dc=grimace,dc=killdevil,dc=org -H ldapi:/// \
-Y DIGEST-MD5 uid=peter
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80) additional info: SASL(-13): user not found: no secret in database

# ldapmodify -H ldapi:/// -U "cn=admin,dc=killdevil,dc=org" -W 
Enter LDAP Password: 
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80) additional info: SASL(-13): user not found: no secret in database

# ldapsearch -D uid=peter,ou=People,dc=grimace,dc=killdevil,dc=org -H ldapi:/// -x -W uid=peter 
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)


This works with a password:

# ldapmodify -H ldapi:/// -D "cn=admin,dc=killdevil,dc=org" -W -x

-- 
War is God's way of teaching Americans geography. -- Ambrose Bierce