Daniel Qarras <[EMAIL PROTECTED]> writes:

> Hi all,
>
> after spending several days fighting with OpenLDAP2.3/SASL setup I'm
> finally at point where both sample-client/server and ldapwhoami work
> for a user who's got his password stored in cleartext in LDAP's
> userPassword field. I'm using TLS and both PLAIN and DIGEST-MD5 work.
> However, for a user with his password stored as SSHA hash in LDAP's
> userPassword neither of those work.
>
> It seems that DIGEST-MD5 can only work if both sides have access to the
> cleartext password, right? Thus, it was expected that DIGEST-MD5 can't
> work.
>
> But I'm out of clues with PLAIN (over TLS, using a self-signed
> certificate) as why it doesn't work for a user whose password is in
> SSHA. The users are testusers I entered, the ldif file used was 1:1,
> only the uids and passwords were different. I am still missing some
> basic principle of SASL or what's going on here?
[...]

Think twice! This is not an OpenLDAP issue but a SASL issue; ask on a SASL
mailing list how SASL mechanisms are designed and how they retrieve
credentials.

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
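
Added illustration of the distinction raised in the question above (not code from either poster, OpenLDAP or Cyrus SASL): a salted SHA-1 `{SSHA}` value is enough to check a cleartext password that a PLAIN exchange presents, while the DIGEST-MD5 secret H(username:realm:password) from RFC 2831 has to be computed from the password itself. Function names, the user, realm, salt and password are constructed for this example.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, presented: bytes) -> bool:
    """Check a cleartext password (what PLAIN delivers) against an {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # malformed base64
        return False
    if len(raw) <= SHA1_LEN:  # digest must be followed by a non-empty salt
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(presented + salt).digest()
    return hmac.compare_digest(digest, candidate)


def digest_md5_secret(username: bytes, realm: bytes, password: bytes) -> bytes:
    """RFC 2831 H(username:realm:password); its input is the password itself."""
    return hashlib.md5(username + b":" + realm + b":" + password).digest()


# Constructed sample values, not taken from the original post.
SALT = b"\x01\x02\x03\x04"
STORED = make_ssha(b"secret", SALT)

if __name__ == "__main__":
    # PLAIN-style check: the verifier holds only STORED and receives the password.
    print("correct password accepted:", verify_ssha(STORED, b"secret"))
    print("wrong password accepted:  ", verify_ssha(STORED, b"wrong"))
    # DIGEST-MD5: the secret is derived from the password, which STORED
    # does not contain and from which it cannot be recovered.
    print("H(A1 prefix):", digest_md5_secret(b"testuser", b"example", b"secret").hex())
```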
