Hello All, I was working on this problem and figured out that the ldapdb auxprop plugin is missing.

/u01/app/openldap/product/2.4.26/etc/openldap>pluginviewer
Installed SASL (server side) mechanisms are: CRAM-MD5 ANONYMOUS DIGEST-MD5 PLAIN LOGIN EXTERNAL
...
Installed auxprop mechanisms are: sasldb
List of auxprop plugins follows
Plugin "sasldb" , API version: 4
supports store: yes

I read that to use such a thing, the ldapdb auxprop plugin should be enabled.
http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2008-September/001552.html

The package has been installed and the below files are there:
libldapdb.la
libldapdb.so.2.0.22
libldapdb.so.2
libldapdb.so

Please help me with how to set up SASL using an LDAP directory.

Thks for your help.

Regards,
Gaurav Gugnani

On Tue, Feb 7, 2012 at 11:01 AM, Gaurav Gugnani <gugnanigau...@gmail.com> wrote:
> Hello All,
>
> Thks to all for helping me out. I hope now the destination is not too far,
> as I achieved the SASL but it is storing using sasldb.
> However, I want it to store information in the LDAP directory.
>
> I've installed the corresponding package:
> cyrus-sasl-ldap-2.1.22-5.el5_4.3.x86_64.rpm
>
> Steps for SASL in LDAP using sasldb
> ------------------------------------------------------
>
> 1> saslpasswd2 -c sasluser14
> 2> sasldblistusers2
>
> 3> service ldap stop
>
> 4> vi etc/openldap/slapd.conf
> sasl-auxprops sasldb
>
> authz-regexp uid=([^,]*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
> - Give proper ACL to sasluser14
>
> 5> cat /usr/lib64/sasl2/slapd.conf
> # SASL Configuration
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> #auxprop_plugin: slapd
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> sasldb_path: /etc/sasldb2
>
> 6> service ldap start
>
> 7> ps -eaf | grep -i ldap
>
> 8> vi add_sasl_accnt14.ldif
>
> # TEST Account for SASL:
> dn: uid=sasluser14,ou=System,o=xyz
> uid: sasluser14
>
> ou: System
> description: Special account for SASL Testing
> userPassword: sasluser14
> objectClass: account
> objectClass: simpleSecurityObject
>
> 9> ldapadd -x -D cn=Manager,o=xyz -W -f add_sasl_accnt14.ldif
>
> 10> ldapsearch -Y DIGEST-MD5 -U sasluser14 -b 'uid=sasluser7,ou=system,o=xyz'
>
> But now the problem is that it is storing the users in sasldb, and we want to
> use the LDAP directory.
> Can anyone please suggest what changes I need to make to achieve it?
>
> Thks a lot for your support.
>
> Regards,
> Gaurav Gugnani
>
> On Mon, Feb 6, 2012 at 9:17 PM, Dan White <dwh...@olp.net> wrote:
>> On 02/06/12 11:40 +0530, Gaurav Gugnani wrote:
>>> Hello All,
>>>
>>> Thks for helping me out, however I'm still stuck in the middle of it and the
>>> issue has not yet been resolved.
>>
>> You should run your server in debug mode to determine what's going awry.
>>
>>> *Error:*
>>>
>>> /u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -Y DIGEST-MD5 -U
>>> sasluser7 -b 'o=xyz'
>>> SASL/DIGEST-MD5 authentication started
>>> Please enter your password:
>>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>> additional info: SASL(-13): user not found: no secret in database
>>>
>>> I checked the ACL and also now I'm using authz with the following lines:
>>>
>>> authz-regexp uid=([^,]*),cn=DIGEST-MD5,cn=auth uid=$1,ou=System,o=xyz
>>>
>>> access to attrs="userpassword"
>>> by self write
>>> by anonymous auth
>>> by dn="uid=sasluser7,ou=System,o=xyz" read
>>> access to dn.base="o=xyz"
>>> by dn="uid=sasluser7,ou=System,o=xyz" read
>>> by users read
>>> access to dn.subtree="ou=Subscribers,o=xyz"
>>> by dn="uid=sasluser7,ou=System,o=xyz" read
>>> access to *
>>> by self write
>>> by dn="uid=sasluser7,ou=System,o=xyz" read
>>>
>>> I hope it is fine.
>>
>> I have 'by anonymous auth' on the following:
>>
>> access to dn.base="ou=people,dc=example,dc=net"
>> access to attrs=userPassword
>> access to attrs=authzTo
>> access to attrs=objectClass
>> access to attrs=entry,uidNumber
>>
>> You could determine if that's sufficient for you piecemeal wise but,
>> again, use debug output to figure it out. For example:
>>
>> slapd -d -1 -h ldap:/// -u openldap -g openldap
>>
>> See the manpage for slapd for details.
>>
>>> Moreover, we can say that the user is created:
>>> /u01/app/openldap/product/2.4.26/etc/openldap>ldapsearch -x -W -D
>>> 'cn=manager,o=xyz' -b 'uid=sasluser7,ou=System,o=xyz'
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <uid=sasluser7,ou=System,o=xyz> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # sasluser7, System, xyz
>>> dn: uid=sasluser7,ou=System,o=xyz
>>> uid: sasluser7
>>> ou: System
>>> description: Special account for SASL Testing
>>> userPassword:: c2FzbVHzZXI3
>>
>> Be aware that the above is a simple uuencoding of your password. It should
>> now be considered publicly known.
>>
>>> objectClass: account
>>> objectClass: simpleSecurityObject
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>>
>>> Also, I would like to highlight one thing:
>>>
>>> When I check for sasl dblist users, it throws me an error. Can that
>>> be an issue point?
>>> /u01/app/openldap/product/2.4.26/etc/openldap>sasldblistusers
>>> -bash: sasldblistusers: command not found
>>
>> Any of the cyrus sasl* commands are most likely doing the wrong thing,
>> which default to using the sasldb auxprop store (which uses /etc/sasldb2)
>> rather than slapd or ldapdb. I would not use them at this point as they're
>> bound to confuse the matter.
>>
>> --
>> Dan White
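As an added check written for this thread (not code from the thread, from Cyrus SASL or from OpenLDAP), the script below applies the thread's authz-regexp to a SASL identity DN and reports, against a constructed LDIF sample, whether a DIGEST-MD5 bind would find a usable secret at the mapped entry: it decodes the "::" base64 form that Dan points out is reversible, and it flags hashed userPassword values, which DIGEST-MD5 cannot use because the server must compute the digest from the cleartext. Assumptions: the regex is matched case-insensitively against the whole SASL DN, and the sample entries and the {SSHA} value are constructed placeholders.

```python
import base64
import re

# Constructed sample LDIF (not the thread's output): one cleartext userPassword
# stored base64-encoded via LDIF's "::" syntax, and one hashed value for contrast.
SAMPLE_LDIF = """\
dn: uid=sasluser7,ou=System,o=xyz
userPassword:: c2FzbHVzZXI3

dn: uid=hashed,ou=System,o=xyz
userPassword: {SSHA}constructedPlaceholderHash
"""
# The authz-regexp from the thread: SASL identity DN -> directory DN.
AUTHZ_REGEXP = (r"uid=([^,]*),cn=DIGEST-MD5,cn=auth", "uid=$1,ou=System,o=xyz")

def parse_ldif(text):
    """Parse simple LDIF into {dn: {attr: [values]}}, decoding '::' base64 values."""
    entries, current = {}, None
    for line in (ln for ln in text.splitlines() if not ln.startswith("#")):
        if not line.strip():
            current = None
            continue
        attr, _, value = line.partition(":")  # "attr:: <b64>" is an encoding, not a hash
        value = base64.b64decode(value[1:].strip()).decode() if value[:1] == ":" else value.strip()
        if attr == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries

def map_authzid(sasl_dn, pattern, replacement):
    """Apply a slapd authz-regexp; $N in the replacement is regex group N (assumed full, case-insensitive match)."""
    m = re.fullmatch(pattern, sasl_dn, re.IGNORECASE)
    return m.expand(re.sub(r"\$(\d)", r"\\\1", replacement)) if m else None

def digest_md5_status(entries, sasl_dn):
    dn = map_authzid(sasl_dn, *AUTHZ_REGEXP)
    if dn is None:
        return "authz-regexp does not match"
    entry = entries.get(dn)
    if entry is None:
        return f"no entry at {dn}"
    secrets = entry.get("userPassword", [])
    if not secrets:
        return f"{dn}: no userPassword (no secret in database)"
    if secrets[0].startswith("{"):  # scheme prefix such as {SSHA}: hashed; DIGEST-MD5 needs cleartext
        return f"{dn}: hashed password, DIGEST-MD5 cannot use it"
    return f"{dn}: cleartext secret available (and readable to whoever can read the attribute)"
```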