Hi
I'm trying to use DIGEST-MD5 authentication on a SLES 9 SP3 system running
OpenLDAP 2.
tivo2:~ # ldapsearch
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user
[EMAIL PROTECTED]
Sent: Monday, April 02, 2007 10:36 AM
To: openldap-software@openldap.org
Subject: DIGEST-MD5 returns 'user not found'
Hi
I'm trying to use DIGEST-MD5 authentication on a SLES 9 SP3 system running
OpenLDAP 2.
tivo2:~ # ldapsearch
SASL/DIGEST-MD5 authentication start
nal Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chapman, Kyle
Sent: Monday, April 02, 2007 11:42 AM
To: openldap-software@openldap.org
Subject: RE: DIGEST-MD5 returns 'user not found'
Does:
Ldapsearch -y digest-md5 -U root -R tivo2 -W
Show anything diff. I hav
[EMAIL PROTECTED] wrote:
> Thanks, as ever, for the help, Kyle.
>
> I started slapd in debug mode. When I executed the command you
> suggested, I see:
>
> ldap_err2string <= ldap_dn2bv(uid=root,cn=digest-md5,cn=auth)=0
> Success <<< dnNormalize:
> ==>slap_sasl2dn: converting SASL name uid=root
Thanks for the reply
>It is used as far as sasldb2 is populated as appropriate; please refer
>to Cyrus SASL documentation for instructions about populating it.
Do you mean http://www.sendmail.org/~ca/email/cyrus/sysadmin.html? I've
crawled around the CMU web site, and have Google'd , and haven
as that doesn't match either "root"
or "[EMAIL PROTECTED]".
Thanks
tl
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chapman, Kyle
Sent: Monday, April 02, 2007 11:42 AM
To: openldap-software@openldap.org
Subject: RE: DIGEST-MD5
--On Monday, April 02, 2007 2:25 PM -0400 [EMAIL PROTECTED] wrote:
Thanks for the reply
It is used as far as sasldb2 is populated as appropriate; please refer
to Cyrus SASL documentation for instructions about populating it.
Do you mean http://www.sendmail.org/~ca/email/cyrus/sysadmin.htm
Hi Howard
>The SASL library tries all available information sources. If there was
a
>"root" user record in your sasldb2 file it would have been used. Since
>your sasldblistusers2 output shows "[EMAIL PROTECTED]" I'd say you have the
>wrong realm info in your database, as that doesn't match eith
[EMAIL PROTECTED] wrote:
Hi Howard
The SASL library tries all available information sources. If there was
a
"root" user record in your sasldb2 file it would have been used. Since
your sasldblistusers2 output shows "[EMAIL PROTECTED]" I'd say you have the
wrong realm info in your database, as
ght?
Thanks
tl
-Original Message-
From: Howard Chu [mailto:[EMAIL PROTECTED]
Sent: Monday, April 02, 2007 3:36 PM
To: Lemons, Terry
Cc: [EMAIL PROTECTED]; openldap-software@openldap.org
Subject: Re: DIGEST-MD5 returns 'user not found'
[EMAIL PROTECTED] wrote:
> Hi Howard
>
[EMAIL PROTECTED] wrote:
Thanks, Howard; I think I'm beginning to understand this.
So, the AUTHENTICATION piece is done by SASL using digest_md5, an
'external' connection to TLS, etc. But the AUTHORIZATION piece is
handled by the rules defined in the access control policy section of
slapd.conf,
11 matches
Mail list logo
