LDAP+SASL
Norberto Bensa
nbensa at gmail.com
Thu Feb 19 23:20:06 UTC 2009
On Thu, Feb 19, 2009 at 8:49 PM, Michael Peek <peek at tiem.utk.edu> wrote:
> But the mac still fails to bind. I'm telling the mac to bind with
> cn=admin,dc=nimbios,dc=org, and giving it the password for the directory
> admin. Here's the output from slapd:
>
What mechs are available?

  $ ldapsearch -LLL -s base -b '' '(objectClass=*)' supportedSASLMechanisms

Are you sure your Mac looks for the entry:
uid=admin,cn=one-available-mech,cn=auth? This one will be shown with
"loglevel trace".

This is what "loglevel trace" plus a "grep auth" gives me:

  Feb 19 21:13:11 zeddmore slapd[25108]: slap_sasl_getdn: u:id converted to uid=zoolook,cn=BENSA.AR,cn=GSSAPI,cn=auth

As you can see, the first cn= is the REALM, and the second, the mech.

I remember having problems in an all-Linux network and I added a second
authz-regexp. This is what I have here:

password-hash {CLEARTEXT}
sasl-host ldap.bensa.ar
sasl-realm BENSA.AR
sasl-secprops noplain,noanonymous
authz-policy to
authz-regexp
  uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth
  uid=$1,ou=users,dc=bensa,dc=ar
authz-regexp
  uid=([^,]*),cn=[^,]*,cn=auth
  uid=$1,ou=users,dc=bensa,dc=ar

Regards,
Norberto
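
The mapping described in the message above, as an added example that is not part of the original post: a small Python model of how the two authz-regexp rules turn a SASL authentication DN into a directory DN, and why the realm form and the realm-less form each need their own rule. The sample DNs are constructed, STRICT_RULES is a hypothetical tighter rule, and first-match-wins with unanchored, case-insensitive matching is an assumption about slapd's behaviour.

```python
import re

# The two authz-regexp rules from the message, in file order: (match, replace).
RULES = [
    (r"uid=([^,]*),cn=[^,]*,cn=[^,]*,cn=auth", "uid=$1,ou=users,dc=bensa,dc=ar"),
    (r"uid=([^,]*),cn=[^,]*,cn=auth", "uid=$1,ou=users,dc=bensa,dc=ar"),
]

# Hypothetical tighter rule (not from the message): anchored, and pinned to
# the realm and mechanism that appear in the quoted log line.
STRICT_RULES = [
    (r"^uid=([^,]*),cn=BENSA\.AR,cn=GSSAPI,cn=auth$",
     "uid=$1,ou=users,dc=bensa,dc=ar"),
]


def map_sasl_dn(sasl_dn, rules=RULES):
    """Return (rule_index, mapped_dn); (None, sasl_dn) when no rule matches."""
    for index, (pattern, replacement) in enumerate(rules):
        # Assumption: slapd searches unanchored and case-insensitively,
        # and the first rule that matches decides the result.
        match = re.search(pattern, sasl_dn, re.IGNORECASE)
        if match:
            # Expand $1..$9 in the replacement with the captured groups.
            mapped = re.sub(r"\$(\d)",
                            lambda m: match.group(int(m.group(1))),
                            replacement)
            return index, mapped
    return None, sasl_dn


if __name__ == "__main__":
    # Constructed sample DNs: realm + mech, mech only, and a different realm.
    samples = [
        "uid=zoolook,cn=BENSA.AR,cn=GSSAPI,cn=auth",
        "uid=zoolook,cn=digest-md5,cn=auth",
        "uid=zoolook,cn=OTHER.EXAMPLE,cn=GSSAPI,cn=auth",
    ]
    for dn in samples:
        print(dn)
        print("  wildcard rules ->", map_sasl_dn(dn))
        print("  strict rule    ->", map_sasl_dn(dn, STRICT_RULES))
```

The wildcard rules map every realm and mechanism value to the same ou=users entry, while the strict rule leaves anything other than the expected realm and mechanism unmapped.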