Fernando Torrez <[email protected]> writes:

> Hi all
> Thanks for all your suggestions
>
> I tried the suggested command (thanks Moorthi):
> ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I
> with no success. I got this error:
>
> firewall:~ # ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I
> SASL/DIGEST-MD5 authentication started
> SASL Interaction
> Default: u:test
> Please enter your authorization name: test
> Default: proxyuser
> Please enter your authentication name: proxyuser
> Please enter your password:
> ldap_sasl_interactive_bind_s: Insufficient access (50)
> additional info: SASL(-14): authorization failure: unable
> authorization ID
>
> (Logs are at the bottom of this mail for details)
>
> I also realized that the logs changed almost nothing whether the command
> below is running or not:
>
> saslauthd -d -V -a ldap -r -O /etc/saslauthd.conf
>
> so I can say that unfortunately there's no communication between SASLAUTHD
> and LDAP.
>
> Now I will try the suggestion to separate saslauthd and ldapdb (thanks Dieter)
>
> But I'm still wondering if there's a way to make the ldap server and
> cyrus-sasl work together. Let's be more accurate:
>
> 1.- Connect to ldap server through cyrus-sasl (let's say
> authenticated/authorized proxyuser connected to ldap server)
> 2.- Once connected to the ldap server, authenticate/authorize other user (or
> any object) saved on ldap server using previous connection done in step 1
>
> Is that possible? Or, am I driving crazy for nothing?
[...]

Is there any particular reason to include an external identity provider
daemon like saslauthd? Why don't you just use built-in sasl functions?
As I already mentioned:

1. create plaintext userPasswords,
2. configure authz-regexp to map sasl authentication string to an
   entry, (man slapd.conf(5))
3. add to /etc/sasl2/slapd.conf 'auxprop_plugin: slapd'
4. test with ldapwhoami

If you want additional proxy authentication

1. add an auth-policy to slapd.conf
2. add authzTo attribute and appropriate value to a proxy user entry,
3. test with ldapwhoami -X u:<proxy-user> -U <user> -Y <mechanism>

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: [email protected]
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
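
Added example, not part of either message and not the posters' own configuration: one way the built-in (auxprop) setup and the proxy-authorization rule discussed above fit together across the three files involved. The suffix dc=example,dc=com, the ou=people container and the LDIF file name are assumptions; uid=proxyuser and uid=test are the names used in the thread.

```conf
# Constructed example. Assumed: suffix dc=example,dc=com, users in ou=people.

# ---- slapd.conf (global section, see slapd.conf(5)) ----
# Map the SASL identity of a DIGEST-MD5 bind to a directory entry.
# If the client sends a realm, the SASL DN carries an extra cn=<realm>
# component before cn=digest-md5 and the pattern has to account for it.
authz-regexp "uid=([^,]+),cn=digest-md5,cn=auth"
             "uid=$1,ou=people,dc=example,dc=com"

# Honour authzTo rules stored in the authenticating (proxy) entry.
# The default policy is "none", which disables proxy authorization.
authz-policy to

# DIGEST-MD5 needs the cleartext secret, so passwords set through the
# Password Modify operation must not be hashed. The stored values are
# then readable secrets: restrict access to userPassword with ACLs.
password-hash {CLEARTEXT}

# ---- /etc/sasl2/slapd.conf ----
# Cyrus SASL fetches the secret from slapd itself; saslauthd is not used.
auxprop_plugin: slapd
mech_list: DIGEST-MD5

# ---- proxy-authz.ldif (apply with ldapmodify as an administrator) ----
# proxyuser may assume exactly one identity, uid=test. Keep the rule this
# narrow, and keep authzTo writable by administrators only: whoever can
# write this attribute can authorize as other users.
dn: uid=proxyuser,ou=people,dc=example,dc=com
changetype: modify
add: authzTo
authzTo: dn.exact:uid=test,ou=people,dc=example,dc=com
```

Under these assumptions, the command from the thread (ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I) is expected to return dn:uid=test,ou=people,dc=example,dc=com once slapd has been restarted and both entries carry cleartext userPassword values.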
