LDAP+SASL
Michael Peek
peek at tiem.utk.edu
Thu Feb 19 22:49:25 UTC 2009
Norberto Bensa wrote:
> On Thu, Feb 19, 2009 at 7:26 PM, Michael Peek <peek at tiem.utk.edu> wrote:
>
>> sasl-regexp uid=(.*),cn=.*,cn=auth
>> uid=$1,ou=People,dc=nimbios,dc=org
>>
>
> You have at least two problems. The first one is sasl-regexp, AFAIK it
> should be authz-regexp. The second problem is ".*" will match
> everything and will not work as you expect. You need to tell the
> regexp when to stop:
>
> authz-regexp
> uid=([^,]*),cn=[^,]*,cn=auth
> uid=$1,ou=People,dc=nimbios,dc=org
>
> Also, remember to add "authz-policy to" too.
>
> If it continues to fail, increase loglevel in slapd.conf
>
>
> Regards,
> Norberto
>
>
Thanks Norberto.

I've removed the sasl-regexp and added the following:

    authz-regexp uid=(.*),cn=[^,]*,cn=auth
        uid=$1,ou=People,dc=nimbios,dc=org
    authz-policy to

I also set the loglevel to stats.

On the Linux host, I can type the following and get LDIF entries back:

    ldapsearch -U admin@realm -H 'ldap://ldap.host.org/' -b "dc=nimbios,dc=org" '(objectClass=*)'

But the Mac still fails to bind. I'm telling the Mac to bind with
cn=admin,dc=nimbios,dc=org, and giving it the password for the directory
admin. Here's the output from slapd:

slapd[19182]: conn=0 fd=15 ACCEPT from IP=xxx.xxx.xxx.xxx:49533 (IP=0.0.0.0:389)
slapd[19182]: conn=1 fd=16 ACCEPT from IP=xxx.xxx.xxx.xxx:49534 (IP=0.0.0.0:389)
slapd[19182]: conn=1 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[19182]: conn=1 op=0 SRCH attr=supportedSASLMechanisms namingContexts dnsHostName krbName
slapd[19182]: conn=1 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=0 fd=15 closed (connection lost)
slapd[19182]: conn=1 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[19182]: conn=1 op=1 SRCH attr=subschemasubentry
slapd[19182]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=1 op=2 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=subschema)"
slapd[19182]: conn=1 op=2 SRCH attr=objectclasses
slapd[19182]: conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=1 op=3 SRCH base="dc=nimbios,dc=org" scope=2 deref=0 filter="(&(objectClass=organizationalUnit)(ou=macosxodconfig))"
slapd[19182]: conn=1 op=3 SRCH attr=description
slapd[19182]: <= bdb_equality_candidates: (ou) not indexed
slapd[19182]: conn=1 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[19182]: conn=1 op=4 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[19182]: conn=1 op=4 SRCH attr=altserver
slapd[19182]: conn=1 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=2 fd=17 ACCEPT from IP=xxx.xxx.xxx.xxx:49535 (IP=0.0.0.0:389)
slapd[19182]: conn=2 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[19182]: conn=2 op=0 SRCH attr=supportedSASLMechanisms namingContexts dnsHostName krbName
slapd[19182]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[19182]: conn=2 op=1 BIND dn="" method=163
slapd[19182]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: security flags do not match required
slapd[19182]: conn=2 op=2 BIND dn="" method=163
slapd[19182]: SASL [conn=2] Failure: no secret in database
slapd[19182]: conn=2 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
slapd[19182]: conn=2 op=3 BIND dn="cn=admin,dc=nimbios,dc=org" method=128
slapd[19182]: conn=2 op=3 BIND dn="cn=admin,dc=nimbios,dc=org" mech=SIMPLE ssf=0
slapd[19182]: conn=2 op=3 RESULT tag=97 err=0 text=
slapd[19182]: conn=1 op=5 UNBIND
slapd[19182]: conn=2 op=4 SRCH base="dc=nimbios,dc=org" scope=2 deref=0 filter="(|(objectClass=posixAccount)(objectClass=inetOrgPerson)(objectClass=shadowAccount))"
slapd[19182]: conn=1 fd=16 closed
slapd[19182]: conn=2 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[19182]: conn=2 op=5 UNBIND
slapd[19182]: conn=2 fd=17 closed
slapd[19182]: conn=3 fd=16 ACCEPT from IP=xxx.xxx.xxx.xxx:59419 (IP=0.0.0.0:389)
slapd[19182]: conn=3 op=0 BIND dn="cn=admin,dc=nimbios,dc=org" method=128
slapd[19182]: conn=3 op=0 BIND dn="cn=admin,dc=nimbios,dc=org" mech=SIMPLE ssf=0
slapd[19182]: conn=3 op=0 RESULT tag=97 err=0 text=
slapd[19182]: conn=3 op=1 SRCH base="dc=nimbios,dc=org" scope=2 deref=0 filter="(objectClass=*)"
slapd[19182]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=
slapd[19182]: conn=3 fd=16 closed (connection lost)

Any and all help welcomed.
Michael
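
An added example, not part of the original thread: a small parser that re-joins wrapped slapd "stats" records like those above and merges each BIND with its RESULT, so the SASL failures (LDAP result 14 is saslBindInProgress, 49 is invalidCredentials) and any simple bind sent with ssf=0 stand out. The function and field names are this example's own, and the sample records are constructed from the log in this message.

```python
import re
from collections import defaultdict

# Constructed sample: bind records in the shape of the log above, wrapping included.
SAMPLE = """\
slapd[19182]: conn=2 op=1 BIND dn="" method=163
slapd[19182]: conn=2 op=1 RESULT tag=97 err=14 text=SASL(0): successful
result: security flags do not match required
slapd[19182]: conn=2 op=2 BIND dn="" method=163
slapd[19182]: conn=2 op=2 RESULT tag=97 err=49 text=SASL(-13): user not
found: no secret in database
slapd[19182]: conn=2 op=3 BIND dn="cn=admin,dc=nimbios,dc=org" method=128
slapd[19182]: conn=2 op=3 BIND dn="cn=admin,dc=nimbios,dc=org"
mech=SIMPLE ssf=0
slapd[19182]: conn=2 op=3 RESULT tag=97 err=0 text=
"""

RECORD = re.compile(r"conn=(\d+) op=(\d+) (?:BIND|RESULT) (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')
METHODS = {"128": "simple", "163": "sasl"}  # LDAP bind authentication choice tags

def unwrap(text):
    """Re-join wrapped lines: every real record starts with 'slapd['."""
    records = []
    for line in text.splitlines():
        if line.startswith("slapd[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def bind_attempts(text):
    """Merge the BIND and RESULT records of each (conn, op) into one row."""
    ops = defaultdict(dict)
    for rec in unwrap(text):
        m = RECORD.search(rec)
        if m:
            ops[(int(m[1]), int(m[2]))].update(FIELD.findall(m[3]))
    rows = []
    for (conn, op), f in sorted(ops.items()):
        if "method" not in f:
            continue  # a RESULT that does not belong to a bind operation
        rows.append({"conn": conn, "op": op, "err": int(f.get("err", -1)),
                     "method": METHODS.get(f["method"], f["method"]),
                     "dn": f["dn"].strip('"'),
                     # ssf=0: no TLS or SASL layer protected the password
                     "cleartext": f.get("mech") == "SIMPLE" and f.get("ssf") == "0"})
    return rows
```

On the sample this yields two SASL attempts (err 14, then err 49) followed by a successful simple bind as cn=admin with ssf=0, meaning the admin password crossed the network without TLS or a SASL security layer.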