
Openldap simple bind



Hello,

I've been working on a Central Authentication Server
with SASL/GSSAPI and OpenLDAP simple bind authentication using
a Kerberos key server.
The SASL/GSSAPI authentication is working. However, I've defined
userPassword as {SASL}principal@REALM (and {KERBEROS}principal@REALM)
for simple bind, and the test doesn't work.
According to the saslauthd debug output, OpenLDAP doesn't call
saslauthd/Kerberos... :-/

I had changed userPassword to "teste123" and it worked perfectly.

I'm using FreeBSD 5.3 with OpenLDAP 2.2.23, Heimdal
0.6.3 (with the OpenLDAP backend) and cyrus-sasl-saslauthd 2.1.20.

I've been working through the docs at
http://www.opentechnet.com/auth-howto/
http://www.bayour.com/LDAPv3-HOWTO.html
and
http://www.openldap.org/lists/openldap-software/200308/msg00158.html
http://www.openldap.org/lists/openldap-software/200502/msg00470.html

Do you have any clues?

Thanks in advance for any help!

Aguinaldo


---------------

# ldapwhoami -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:cn=ldapadmin@unicamp.br,ou=kerberos,dc=unicamp,dc=br

%ldapwhoami
SASL/GSSAPI authentication started
SASL username: chico@UNICAMP.BR
SASL SSF: 56
SASL installing layers
dn:cn=chico silva,ou=kerberos,dc=unicamp,dc=br

%ldapsearch -ZZ -H ldap:// -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
SASL username: chico@UNICAMP.BR
SASL SSF: 56
SASL installing layers
dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

%/usr/local/sbin/testsaslauthd -u chico -p teste123 -r UNICAMP.BR -s ldap -f /var/state/saslauthd/mux
0: OK "Success."

OpenLDAP - config:
/usr/ports/net/openldap23-sasl-server/work/openldap-2.2.23
# ./configure --with-threads=posix --with-tls=openssl --with-kerberos \
    --enable-kpasswd --enable-dynamic --with-cyrus-sasl \
    --localstatedir=/var/db --enable-ldbm=yes --enable-crypt \
    --enable-lmpasswd --enable-ldap=yes --enable-meta=yes --enable-rewrite \
    --enable-null=yes --enable-monitor=yes --enable-bdb=yes \
    --enable-hdb=yes --with-ldbm-api=berkeley --enable-spasswd \
    --enable-wrappers --prefix=/usr/local --build=i386-portbld-freebsd5.3

--
 Marcos Aguinaldo Forquesato             email:guina at ccuec.unicamp.br
 Centro de Computação                    HP:http://www.ccuec.unicamp.br/
 Universidade Estadual de Campinas (UNICAMP)