"Zohar Lev Shani" <[EMAIL PROTECTED]> writes:

> I had set up a secured TLS with all the certificates and keys needed. But
> still, I cannot login using SASL and PLAIN/LOGIN mechanisms over TLS. The user
> in the example has the userPassword hashed in MD5. See errors below:
>
> >>ldapsearch -h localhost:9999 -Y PLAIN -w pass1 -U user1 -b dc=my-domain,dc=com -s base -ZZ
> SASL/PLAIN authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): user not found: Password verification failed
>
> >>ldapsearch -h localhost:9999 -Y LOGIN -w pass1 -U user1 -b dc=my-domain,dc=com -s base -ZZ
> SASL/LOGIN authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): user not found: checkpass failed
>
> Using cleartext password solves the problem but this is not what I am trying
> to do.
> Just a reminder of what I am trying to achieve: In the database I want the
> userPassword field to be hashed and the bind authentication will be against it
> using the authz-regexp directive in slapd.conf. Using DIGEST-MD5 SASL doesn't
> help here because the userPassword needs to be in cleartext in the database.

Any SASL mechanism, except EXTERNAL, requires cleartext password.

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
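
Why DIGEST-MD5 cannot be verified against a hashed userPassword, as an added example that is not part of the original thread: the RFC 2831 response is built from MD5(username:realm:password), which a server holding only the {MD5} hash of the password cannot compute. The realm, nonces and digest-uri below are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample values; user1/pass1 are the names used in the thread.
USER, PASSWORD, REALM = "user1", "pass1", "localhost"
NONCE, CNONCE, NC, URI = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "00000001", "ldap/localhost"


def ldap_md5(password: str) -> str:
    """userPassword value in the {MD5} scheme: base64 of MD5(password)."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


def digest_md5_response(secret: str) -> str:
    """RFC 2831 response-value for qop=auth, no authzid."""
    # A1 begins with the raw 16-byte MD5 of user:realm:password, so the
    # password itself (or this exact digest) is needed, not MD5(password).
    a1 = hashlib.md5(f"{USER}:{REALM}:{secret}".encode()).digest()
    a1 += f":{NONCE}:{CNONCE}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{URI}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{NONCE}:{NC}:{CNONCE}:auth:{ha2}".encode()).hexdigest()


def server_accepts(stored_user_password: str, client_response: str) -> bool:
    """Server side: recompute the response from whatever userPassword holds."""
    expected = digest_md5_response(stored_user_password)
    return hmac.compare_digest(expected, client_response)


def demo() -> tuple:
    client_response = digest_md5_response(PASSWORD)  # client knows the password
    return (
        server_accepts(PASSWORD, client_response),            # cleartext stored
        server_accepts(ldap_md5(PASSWORD), client_response),  # {MD5} hash stored
    )


if __name__ == "__main__":
    print(demo())
```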