Hello Michael,

Yes, sasl-md5 works with clear-text passwords; that is why, for me, the
password of syncuser is defined in the sasl2db base.

In my LDAP configuration, I have only the following line:
OlcAuthzRegexp: {0}"uid=syncuser,cn=DIGEST-MD5,cn=auth" "cn=syncuser,dc=xxx,dc=fr"

In my LDAP base I thus have no entry "cn=syncuser,dc=xxx,dc=fr" defined.

My ldapsearch command:
# ldapsearch -Y DIGEST-MD5 -U syncuser -h localhost

reads the rule OlcAuthzRegexp: {0}, which for the user
"uid=syncuser,cn=DIGEST-MD5,cn=auth" translates into the LDAP entry
"cn=syncuser,cn=xxx,cn=fr".

Then it compares the password first in the sasl2db base, then in the
LDAP base.
In my case, the password being in the sasldb base, it should find a
match, no?

Is that correct so far?

Best regards
chataigne

2011/10/29 Michael Ströder <mich...@stroeder.com>

> bea chataigne wrote:
> > # ldapsearch -Y DIGEST-MD5 -U syncuser
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> >       additional information: SASL(13): user not found: no secret in database
>
> Does attribute userPassword of entry cn=syncuser,dc=xxx,dc=fr have a
> clear-text value? SASL DIGEST-MD5 does not work with hashed passwords.
>
> Ciao, Michael.
>
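
As an added illustration (not part of the thread and not OpenLDAP's own code): a simplified Python model of the two steps discussed above, the authz-regexp rewrite of the SASL DN and the RFC 2831 DIGEST-MD5 response check, which the server can only recompute from a clear-text secret. The realm, nonces, password and function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import re

# authz-regexp rule from the thread: (match pattern, replacement DN).
RULE = (r"uid=syncuser,cn=DIGEST-MD5,cn=auth", "cn=syncuser,dc=xxx,dc=fr")

def map_sasl_dn(authc_dn, rule=RULE):
    """Simplified model of authz-regexp: rewrite the SASL authentication DN."""
    dn = re.sub(r"\s*,\s*", ",", authc_dn.strip())  # ignore spaces around commas
    pattern, replacement = rule
    return replacement if re.fullmatch(pattern, dn, re.IGNORECASE) else dn

def _h(data):
    return hashlib.md5(data).digest()

def digest_response(user, realm, secret, nonce, cnonce, nc, digest_uri, qop="auth"):
    """RFC 2831 response value; 'secret' must be the clear-text password."""
    a1 = _h(f"{user}:{realm}:{secret}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_h(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{_h(a2).hex()}"
    return _h(kd.encode()).hex()

def ssha(password, salt=b"salt"):
    """Constructed {SSHA} value, as a hashed userPassword would look."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def server_check(stored_secret, client_response, **challenge):
    """Server side: recompute the response from whatever secret is stored."""
    if stored_secret is None:
        return "no secret in database"
    expected = digest_response(secret=stored_secret, **challenge)
    return "ok" if hmac.compare_digest(expected, client_response) else "invalid credentials"

# Constructed exchange (realm, nonces and password are made up for the example).
CHALLENGE = dict(user="syncuser", realm="localhost", nonce="n0nce", cnonce="cn0nce",
                 nc="00000001", digest_uri="ldap/localhost")
CLIENT = digest_response(secret="s3cret", **CHALLENGE)

if __name__ == "__main__":
    print(map_sasl_dn("uid=syncuser, cn=DIGEST-MD5, cn=auth"))
    for label, stored in [("clear", "s3cret"), ("hashed", ssha("s3cret")), ("missing", None)]:
        print(label, "->", server_check(stored, CLIENT, **CHALLENGE))
```
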
