Re: SASL + LDAP
On 04/15/2010 04:42 PM, Dan White wrote:
> On 15/04/10 15:33 +0200, Giovanni Malfarà wrote:
>> In slapd (slapd -d -1) debug messages I get:
>>
>> SASL [conn=7] Debug: DIGEST-MD5 server step 2
>> slap_sasl_getdn: u:id converted to
>> uid=test@xxxxxxxxxxxx,cn=DIGEST-MD5,cn=auth
>> >>> dnNormalize: <uid=test@xxxxxxxxxxxx,cn=DIGEST-MD5,cn=auth>
>> <<< dnNormalize: <uid=test@xxxxxxxxxxxx,cn=digest-md5,cn=auth>
>> ==>slap_sasl2dn: converting SASL name
>> uid=test@xxxxxxxxxxxx,cn=digest-md5,cn=auth to a DN
>> slap_authz_regexp: converting SASL name
>> uid=test@xxxxxxxxxxxx,cn=digest-md5,cn=auth
>> <==slap_sasl2dn: Converted SASL name to <nothing>
>> SASL [conn=7] Failure: no secret in database
>
> I have a similar configuration to yours except that I use the authz-regexp
> and authz-policy statements instead of what you have. I'm using version
> 2.4.15:
>
> authz-regexp
> "uid=([^,]+),cn=([^,]+),cn=auth"
>
> ldap:///ou=people,dc=example,dc=net??one?(&(btcAltUid=$1)(!(btcAccountStatus=suspended)))
>
>
> authz-policy to
>
> (btcAltUID and btcAccountStatus are non-standard attributes)
>
> This looks alarming:
>
> access to * attrs=userPassword by self write by * write
>
> I have (slightly modified):
>
> access to
> attrs=userPassword,shadowLastChange,sambaPwdLastSet,sambaLMPassword,sambaNTPassword,krb5KeyVersionNumber,krb5Key
>
> by anonymous auth
> by self write
> by * none
>
Nothing happens using authz-regexp and auth-policy and modifying the
access rule.
What else can I check?
Thank you!
--
Giovanni Malfarà
Please do not send me attachments in Word or PowerPoint.
See http://www.gnu.org/philosophy/no-word-attachments.it.html
"What counts in war is not men, it is the man, that is, the soldier who knows how to fight to the end, defending a piece of land or, against all logic, a shred of an idea". (Napoleon Bonaparte).
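
The mapping step that the debug log reports as `Converted SASL name to <nothing>` can be traced offline. The following is an added example, not code from either poster or from OpenLDAP: a small Python simulation of how the authz-regexp rule quoted above rewrites a SASL name into an LDAP search. The realm `example.net` is a constructed stand-in for the redacted one, and Python's `re` only approximates slapd's regex matching.

```python
import re

# Rule as quoted in the thread: (match pattern, replacement URI).
RULES = [(
    r"uid=([^,]+),cn=([^,]+),cn=auth",
    "ldap:///ou=people,dc=example,dc=net??one?"
    "(&(btcAltUid=$1)(!(btcAccountStatus=suspended)))",
)]

def normalize(sasl_dn):
    # Simplification of dnNormalize: lower-case the whole DN, which matches
    # the DIGEST-MD5 -> digest-md5 change visible in the log.
    return sasl_dn.strip().lower()

def map_sasl_name(sasl_dn, rules=RULES):
    """Return the search a rule would trigger, or None if no rule matches."""
    dn = normalize(sasl_dn)
    for pattern, replacement in rules:          # rules are tried in order
        m = re.search(pattern, dn, re.IGNORECASE)
        if not m:
            continue
        # Substitute $1..$9 with the captured groups.
        out = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
        if not out.startswith("ldap:///"):
            return {"dn": out}                  # replacement is a plain DN
        base, _attrs, scope, flt = out[len("ldap:///"):].split("?", 3)
        return {"base": base, "scope": scope, "filter": flt,
                "captured": m.group(1)}
    return None

def explain(sasl_dn):
    r = map_sasl_name(sasl_dn)
    if r is None:
        return "no authz-regexp rule matched: SASL name stays unmapped"
    if "dn" in r:
        return "mapped directly to " + r["dn"]
    return ("search base=%(base)s scope=%(scope)s filter=%(filter)s; "
            "must return exactly one entry" % r)

if __name__ == "__main__":
    # Constructed input: the thread redacts the realm, example.net stands in.
    print(explain("uid=test@example.net,cn=DIGEST-MD5,cn=auth"))
```

With this rule `$1` captures the full `test@realm` string, so the search only succeeds if exactly one entry one level below the base carries that whole value in `btcAltUid`.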