Sasl Digest-md5 support for openldap

Kihara Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Feb 7 09:29:40 UTC 2007


Hallo pals,
 Some time back, I wrote to the tlug seeking some help on openldap schema. I
managed to overcome that particular problem, thanks for your guidance, but I
haven't figured out how to enable sasl despite giving it a trial numerous times.
I am writing seeking help with this issue.
 A recap on what I am doing. I have a working ldap that can do both simple
and ssl binding/queries. I have populated it and in fact enabled a couple of
applications to use it. I am using fedora 6, and the default openldap version
2.3.27-4, cyrus-sasl-2.1.22-4 and cyrus-sasl-md5-2.1.22-4. I believe sasl
digest-md5 is enabled on ldap, if one believes the query below

[root at localhost william]# ldapsearch -x -s base -b "" "(objectclass=*)" +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=afsat,dc=com
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
entryDN:
subschemaSubentry: cn=Subschema

result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
 Clearly Digest-md5 looks like it should work. There is also the sasl
database. After installation, it looks like the redhat guys create a default
account, whose password I have not figured out. I have created two others as
shown below, but they haven't allowed successful access through sasl either

[root at localhost kihara]# /usr/sbin/sasldblistusers2
kihara-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob at public.gmane.org: userPassword
admin-kTeZXNXRcg2w25LekrCu8cM6rOWSkUom at public.gmane.org: userPassword
admin-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob at public.gmane.org: userPassword

admin-kTeZXNXRcg2w25LekrCu8cM6rOWSkUom at public.gmane.org is what was created by the installation process.
The rest were manually generated by me as I didn't have access to the
admin-kTeZXNXRcg0YjaQjVNXZ7LjjLBE8jN/0 at public.gmane.org password. However, logging in using the latter
two hasn't been helpful, as the error below shows


[root at localhost kihara]# ldapsearch -U admin-kTeZXNXRcg2w25LekrCu8cM6rOWSkUom at public.gmane.org -b 'dc=afsat.com'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database
[root at localhost kihara]# ldapsearch -U admin -b 'dc=afsat.com'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database

 Now the question is, what database is the above error referring to? sasldb
or bdb, the backend of ldap? Can a change of host name lead to problems, and
what needs to be edited to alleviate the issue?
Advice and thanks in advance

William
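
An added example, not part of the original message: a small check that compares `sasldblistusers2` output against the identity passed to `ldapsearch -U`, to show how a host name change can leave an account without a matching secret. It assumes the secret is looked up as user@realm and that the server's own realm is used when the client gives none; the listing, host names and the `diagnose` helper are constructed for illustration.

```python
import re

# Constructed sample of `sasldblistusers2` output (user@realm: property).
SAMPLE_LISTING = """\
admin@oldhost.example.com: userPassword
kihara@ldap.example.com: userPassword
admin@ldap.example.com: userPassword
"""

ENTRY_RE = re.compile(r"^(?P<user>[^@\s]+)@(?P<realm>[^:\s]+):\s*(?P<prop>\S+)$")


def parse_listing(text):
    """Return the set of (user, realm) pairs that hold a userPassword secret."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group("prop") == "userPassword":
            entries.add((m.group("user"), m.group("realm")))
    return entries


def diagnose(authcid, server_realm, entries):
    """Say whether a bind as authcid would find a secret in this listing.

    Assumption: the lookup key is user@realm, and server_realm (hypothetical
    parameter, the server's default realm) is used when authcid has no realm.
    """
    user, _, realm = authcid.partition("@")
    realm = realm or server_realm
    if (user, realm) in entries:
        return "found"
    other_realms = sorted(r for u, r in entries if u == user)
    if other_realms:
        return "realm mismatch: %s exists only under %s" % (user, ", ".join(other_realms))
    return "no entry for user " + user


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    # "newhost.example.com" stands for the server's realm after a rename.
    for who in ("admin", "admin@oldhost.example.com", "kihara", "william"):
        print(who, "->", diagnose(who, "newhost.example.com", entries))
```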