LDAP authentication and SASL/PLAIN
Dear fellow Debianites:
Hopefully there are those of you out there who have experience with the
OpenLDAP server 2.0.7 (from Sid) and its authentication methodologies,
'cause I need help bad. I'm trying to move to LDAP authentication and will
be using the libpam_ldap to do so. Setting up the server is no problem, I'm
having troubles getting PLAIN authentication to work. I get errors using
ldapsearch unless I use -x.
When I leave the SASL_SECPROPS at the default in the config files (which
won't work for me anyway), I get:
$ ldapsearch -W -D "cn=admin,ou=People,dc=digiterra,dc=com" 'objectClass=*'
Enter LDAP Password:
ldap_sasl_interactive_bind_s: No such attribute
When I set the SASL_SECPROPS to none, I get:
$ ldapsearch -W -D "cn=admin,ou=People,dc=digiterra,dc=com" 'objectClass=*'
Enter LDAP Password:
SASL/LOGIN authentication started
ldap_sasl_interactive_bind_s: Out of memory
I've been going back over this for a week trying to figure out
when/what/where/why for pam->ldap->sasl->tls/ssl and I'm bleary-eyed. I
finally noticed the SASL/LOGIN in the last attempt. Now to my understanding
I want SASL/PLAIN so I can use the libpam_ldap. How do I get this to happen?
Plain is available:
$ ldapsearch -x -b "" -s base -LL supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
I could really use some guidance. I have no idea how to tell SASL to do
plain authentication in this case. I've read many a 'mini-howto' on doing
this and I've set my options similar, but there is something still escaping
me. I'm including my configs below. Thanks for any help.
############
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05
#
BASE dc=digiterra, dc=com
SASL_SECPROPS none
#############
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
schemacheck off
#referral ldap://ldap.four11.com
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
loglevel 0
sasl-secprops none
# ldbm database definitions
database ldbm
suffix "dc=digiterra,dc=com"
directory "/var/lib/ldap"
lastmod on
access to dn=".*,ou=Roaming,dc=digiterra,dc=com"
        by dnattr=owner write
access to attribute=userPassword
        by dn="cn=admin,ou=People,dc=digiterra,dc=com" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,ou=People,dc=digiterra,dc=com" write
        by * read
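An added example, written for this page and not code from the post or from OpenLDAP: it builds and parses the SASL/PLAIN message defined in RFC 4616 (the password is carried as-is, with no hashing), and it scans the SASL_SECPROPS / sasl-secprops lines from the configs above, flagging the ones that leave PLAIN and LOGIN usable with no minimum security layer. The "none" value clears the flag defaults ("noanonymous,noplain"), which is what made PLAIN appear in the mechanism list; the scanner treats minssf=0 without noplain as a finding, on the assumption that no TLS layer protects the bind.

```python
import re

# Constructed sample: the ldap.conf (client) and slapd.conf (server) lines quoted in the post.
SAMPLE_CONFIGS = """BASE dc=digiterra, dc=com
SASL_SECPROPS none
#############
loglevel 0
sasl-secprops none
database ldbm
"""

def plain_initial_response(authcid, passwd, authzid=""):
    """Build the SASL/PLAIN client message (RFC 4616): [authzid] NUL authcid NUL passwd.
    Nothing is hashed or encrypted, so PLAIN relies entirely on TLS or a non-zero minssf."""
    for field in (authzid, authcid, passwd):
        if "\0" in field:
            raise ValueError("NUL is the separator and cannot appear inside a field")
    return b"\0".join(f.encode("utf-8") for f in (authzid, authcid, passwd))

def parse_plain_initial_response(msg):
    """Split a PLAIN message back into its three fields; authzid may be empty."""
    parts = msg.split(b"\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}

_SECPROPS = re.compile(r"^[ \t]*(sasl[-_]secprops)[ \t]+(\S+)", re.I | re.M)

def secprops_findings(conf_text):
    """Return (directive, value, reason) for each sasl-secprops / SASL_SECPROPS line
    that leaves PLAIN and LOGIN allowed with minssf=0. Properties are applied in
    order: 'none' clears every flag set before it, including the default noplain."""
    findings = []
    for m in _SECPROPS.finditer(conf_text):
        active, minssf = set(), 0
        for prop in m.group(2).lower().split(","):
            if prop == "none":
                active.clear()
                minssf = 0
            elif prop.startswith("minssf="):
                minssf = int(prop.split("=", 1)[1])
            else:
                active.add(prop)
        if minssf == 0 and "noplain" not in active:
            findings.append((m.group(1), m.group(2),
                             "PLAIN/LOGIN allowed with minssf=0: cleartext credentials unless TLS protects the session"))
    return findings
```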