openldap + sasl problem

I've been breaking my head with this for two days now. I've got openldap installed with sasl support on an auth-server. However, I cannot seem to get sasl working properly. I've added the scheme and all to openldap, as well as adding users to the database.

But when I try to authenticate using digest-md5, I get an error:
Code:
# ldapsearch -Y digest-md5 -U joes@freebsd71
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)

debug.log gives me this:
Code:
May  8 14:49:48 freebsd71 ldapsearch: DIGEST-MD5 client step 2
May  8 14:49:48 freebsd71 slapd[78385]: conn=19 op=1 BIND dn="" method=163
May  8 14:49:48 freebsd71 slapd[78385]: SASL [conn=19] Failure: Could not open db
May  8 14:49:48 freebsd71 last message repeated 3 times
May  8 14:49:48 freebsd71 slapd[78385]: SASL [conn=19] Failure: no secret in database
May  8 14:49:48 freebsd71 slapd[78385]: conn=19 op=1 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
May  8 14:49:48 freebsd71 slapd[78385]: conn=19 fd=11 closed (connection lost)

It looks like it either can't connect to the user db (/usr/local/etc/sasldb2.db), or that it doesn't exist, but it does, I've checked. Also:

Code:
# sasldblistusers2
admin@freebsd71: userPassword
joes@freebsd71: userPassword

Output from ldapsearch:
Code:
dn: uid=joes,ou=People,dc=testdomain,dc=no
uid: joes
cn: Joe Schmoe
objectClass: top
objectClass: inetOrgPerson
objectClass: person
givenName: Joe
sn: Schmoe

Parts of slapd.conf:
Code:
database        bdb
suffix          "dc=testdomain,dc=no"
rootdn          "cn=Manager,dc=testdomain,dc=no"

# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          {SSHA}erhPkiMW4qIl0KFguplsA4Va+QP2xIBl

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/db/openldap-data

# Indices to maintain
index   objectClass     eq
index   uid             eq
index   cn              pres,sub,eq
index   givenname       pres,sub,eq
index   surname         pres,sub,eq

Does anybody have any experience with this? I'm pretty new, so right now it's kinda "cloudy"; I've been reading up on this a lot but still can't figure it out. Any help is appreciated. :)
 
It's running as the ldap user.

The permissions are 600.

It works fine when storing the passwords in the LDAP database. But then I need to use the password-hash {CLEARTEXT} in slapd.conf and I don't like that.

It seems as though slapd just doesn't want to query the sasldb2.db file.
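An added diagnostic, not code from this thread: it checks whether the permission bits on the sasldb file grant read access to the account slapd actually runs as, which is what "Could not open db" on a file that does exist usually comes down to. It assumes POSIX sh with ls, id, pgrep and ps; the default path is the one from the thread, and the names sasldb_readable_by, slapd_sasldb_report and SASLDB are made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): does the sasldb file's mode grant
# read access to the user slapd runs as?  Assumes POSIX sh, ls, id, pgrep, ps.
# Hypothetical names: sasldb_readable_by, slapd_sasldb_report, SASLDB.

# sasldb_readable_by <user> <path>
# 0 = mode bits grant <user> read access, 1 = they do not, 2 = file missing.
# Only permission bits are consulted (root, ACLs and MAC are not modelled).
sasldb_readable_by() {
    user=$1
    path=$2
    [ -e "$path" ] || { echo "missing: $path"; return 2; }
    # ls -ld fields: mode links owner group ...; only fields 1, 3 and 4 are used
    set -- $(ls -ld "$path")
    mode=$1 owner=$3 group=$4
    # groups of the user; an unknown user simply has none
    groups=$(id -Gn "$user" 2>/dev/null || true)
    # POSIX class selection: owner bits alone if owner, else group, else other
    if [ "$owner" = "$user" ]; then
        case $mode in ?r*) return 0 ;; esac
    else
        ingroup=0
        for g in $groups; do
            if [ "$g" = "$group" ]; then ingroup=1; fi
        done
        if [ "$ingroup" = 1 ]; then
            case $mode in ????r*) return 0 ;; esac
        else
            case $mode in ???????r*) return 0 ;; esac
        fi
    fi
    echo "$path is $mode $owner:$group -> not readable by $user"
    return 1
}

# slapd_sasldb_report: find the running slapd, the account it runs as, and
# test that account against the sasldb path from the thread.  Set SASLDB=...
# if the sasl2 application config (on FreeBSD /usr/local/lib/sasl2/slapd.conf)
# points sasldb_path elsewhere: sasldblistusers2 and slapd may then be
# reading two different files.
slapd_sasldb_report() {
    db=${SASLDB:-/usr/local/etc/sasldb2.db}
    pid=$(pgrep -n slapd 2>/dev/null) || { echo "slapd is not running"; return 2; }
    runas=$(ps -o user= -p "$pid")
    echo "slapd pid $pid runs as $runas; checking $db"
    sasldb_readable_by "$runas" "$db"
}
```

Run `slapd_sasldb_report` on the auth-server; a 600 file owned by root while slapd runs as ldap is exactly the case it reports.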
 