LDAP+SASL
Michael Peek
peek at tiem.utk.edu
Thu Feb 19 21:26:43 UTC 2009
Hi gurus,
I'm attempting to set up LDAP and I've run into a snag. Linux clients
bind fine without SASL, but a Mac client is trying to bind with it. My
understanding is that this is because slapd is advertising SASL as a
valid authentication mechanism, and so the Macs see that and are running
with it.

I've attempted to set up SASL -- I've created the /etc/sasldb2 with my
directory admin's password:

    saslpasswd2 -c <diradmin>
    Password: <diradmin's password>
    Again (for verification): <diradmin's password>

And I've set up a sasl-regexp:

    sasl-regexp uid=(.*),cn=.*,cn=auth
        uid=$1,ou=People,dc=nimbios,dc=org

But when I try to bind the client, I get the following in my log file:

    slapd[6200]: <= bdb_equality_candidates: (ou) not indexed
    slapd[6200]: SASL [conn=9] Failure: no secret in database

So I have two options -- either figure out how to set up SASL properly,
or figure out how to tell slapd to tell the Mac client that SASL is not
one of the valid authentication mechanisms (and then use SSL for
encryption).
Can anyone lend me a hand?
Michael
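
Added example, not part of the original post: a Python model of how the sasl-regexp rule quoted in the message rewrites a SASL authentication identity into a directory DN, for identities with and without a realm component. Python's re module stands in for slapd's regex matching, and the realm value, STRICT_PATTERN and the helper names are assumptions made for illustration.

```python
import re

# Pattern and replacement as given in the sasl-regexp directive in the post
# ($1 in slapd.conf corresponds to \1 in Python's replacement syntax).
PAGE_PATTERN = r"uid=(.*),cn=.*,cn=auth"
REPLACEMENT = r"uid=\1,ou=People,dc=nimbios,dc=org"

# Hypothetical tighter variant (not from the post): no component may contain
# a comma, and the realm component is optional.
STRICT_PATTERN = r"uid=([^,]*),(?:cn=[^,]*,)?cn=[^,]*,cn=auth"

# Constructed SASL authentication identities: mechanism only, then
# realm + mechanism. The realm "nimbios.org" is an assumed sample value.
SAMPLE_IDENTITIES = [
    "uid=diradmin,cn=digest-md5,cn=auth",
    "uid=diradmin,cn=nimbios.org,cn=digest-md5,cn=auth",
]


def map_identity(auth_dn, pattern, replacement=REPLACEMENT):
    """Return the DN the rule rewrites auth_dn to, or None if it does not match."""
    match = re.fullmatch(pattern, auth_dn, flags=re.IGNORECASE)
    return match.expand(replacement) if match else None


def compare(identities=SAMPLE_IDENTITIES):
    """Map every identity with both patterns; return (identity, page, strict) rows."""
    return [
        (dn, map_identity(dn, PAGE_PATTERN), map_identity(dn, STRICT_PATTERN))
        for dn in identities
    ]


if __name__ == "__main__":
    for dn, page_dn, strict_dn in compare():
        flag = "" if page_dn == strict_dn else "   <-- realm captured into uid"
        print(dn)
        print("  page pattern  :", page_dn, flag)
        print("  strict pattern:", strict_dn)
```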