
LDAP authentication and SASL/PLAIN



Dear fellow Debianites:
Hopefully there are those of you out there who have experience with the
OpenLDAP server 2.0.7 (from Sid) and its authentication methodologies,
'cause I need help bad. I'm trying to move to LDAP authentication and will
be using libpam_ldap to do so. Setting up the server is no problem; I'm
having trouble getting PLAIN authentication to work. I get errors using
ldapsearch unless I use -x.

When I leave the SASL_SECPROPS at the default in the config files (which
won't work for me anyway), I get:

$ ldapsearch -W -D "cn=admin,ou=People,dc=digiterra,dc=com" 'objectClass=*'
Enter LDAP Password:
ldap_sasl_interactive_bind_s: No such attribute

When I set the SASL_SECPROPS to none, I get:

$ ldapsearch -W -D "cn=admin,ou=People,dc=digiterra,dc=com" 'objectClass=*'
Enter LDAP Password:
SASL/LOGIN authentication started
ldap_sasl_interactive_bind_s: Out of memory

I've been going back over this for a week trying to figure out
when/what/where/why for pam->ldap->sasl->tls/ssl and I'm bleary-eyed. I
finally noticed the SASL/LOGIN in the last attempt. Now, to my understanding,
I want SASL/PLAIN so I can use libpam_ldap. How do I get this to happen?
PLAIN is available:

$ ldapsearch -x -b "" -s base -LL supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS

I could really use some guidance. I have no idea how to tell SASL to do
PLAIN authentication in this case. I've read many a 'mini-howto' on doing
this and I've set my options similarly, but there is something still escaping
me. I'm including my configs below. Thanks for any help.


############
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05
#
BASE	dc=digiterra, dc=com
SASL_SECPROPS none


#############
# Schema and objectClass definitions
include		/etc/ldap/schema/core.schema
include		/etc/ldap/schema/cosine.schema
include		/etc/ldap/schema/nis.schema

schemacheck	off
#referral	ldap://ldap.four11.com
pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args
loglevel	0
sasl-secprops   none

# ldbm database definitions
database	ldbm
suffix		"dc=digiterra,dc=com"
directory	"/var/lib/ldap"
lastmod on
access to dn=".*,ou=Roaming,dc=digiterra,dc=com"
	by dnattr=owner write
access to attribute=userPassword
	by dn="cn=admin,ou=People,dc=digiterra,dc=com" write
	by anonymous auth
	by self write
	by * none
access to *
	by dn="cn=admin,ou=People,dc=digiterra,dc=com" write
	by * read



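Editor's note, an added example that is not part of the post above nor of OpenLDAP's own code: the two bind operations the poster is juggling, a simple bind (what `ldapsearch -x` sends) and a SASL bind with the PLAIN mechanism (RFC 4616), differ only in how the credentials are wrapped inside the LDAP BindRequest. The script below encodes both requests by hand (LDAP uses implicit BER tagging, so `simple` is context tag 0x80 and `sasl` is 0xa3), parses them back, and confirms that the password appears verbatim in both PDUs. The DN is the one from the post; the password `s3cret` is a constructed sample value.

```python
"""
Encode and decode LDAPv3 BindRequests for simple and SASL/PLAIN binds.
Added example; DN taken from the post, password is a constructed sample.
"""


def ber_len(n):
    """Definite-form BER length encoding."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(v):
    # Single-byte non-negative INTEGER: enough for messageID and version.
    assert 0 <= v < 0x80
    return tlv(0x02, bytes([v]))


def ber_octets(b):
    return tlv(0x04, b)


def ldap_message(msg_id, protocol_op):
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE {...} }
    return tlv(0x30, ber_int(msg_id) + protocol_op)


def simple_bind_request(msg_id, dn, password):
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version, name, authentication }
    # authentication simple [0] OCTET STRING -> implicit context tag 0x80
    body = ber_int(3) + ber_octets(dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(msg_id, tlv(0x60, body))


def sasl_plain_credentials(authcid, password, authzid=""):
    # RFC 4616: message = [authzid] UTF8NUL authcid UTF8NUL passwd
    return authzid.encode() + b"\x00" + authcid.encode() + b"\x00" + password.encode()


def sasl_bind_request(msg_id, mechanism, credentials, dn=""):
    # authentication sasl [3] SaslCredentials -> implicit context tag 0xa3
    # SaslCredentials ::= SEQUENCE { mechanism LDAPString, credentials OCTET STRING }
    sasl = tlv(0xA3, ber_octets(mechanism.encode()) + ber_octets(credentials))
    body = ber_int(3) + ber_octets(dn.encode()) + sasl
    return ldap_message(msg_id, tlv(0x60, body))


def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(pdu):
    """Decode a BindRequest PDU into a dict; splits PLAIN credentials."""
    tag, msg, _ = read_tlv(pdu)
    assert tag == 0x30, "not an LDAPMessage"
    _, mid, p = read_tlv(msg)
    tag, op, _ = read_tlv(msg, p)
    assert tag == 0x60, "not a BindRequest"
    _, ver, p = read_tlv(op)
    _, name, p = read_tlv(op, p)
    tag, auth, _ = read_tlv(op, p)
    info = {"messageID": int.from_bytes(mid, "big"), "version": ver[0],
            "name": name.decode()}
    if tag == 0x80:
        info["auth"] = "simple"
        info["password"] = auth.decode()
    elif tag == 0xA3:
        _, mech, p = read_tlv(auth)
        _, creds, _ = read_tlv(auth, p)
        info["auth"] = "sasl"
        info["mechanism"] = mech.decode()
        if info["mechanism"] == "PLAIN":
            authzid, authcid, passwd = creds.split(b"\x00", 2)
            info.update(authzid=authzid.decode(), authcid=authcid.decode(),
                        password=passwd.decode())
    return info


def password_on_wire(pdu, password):
    """True if the clear-text password is a substring of the PDU bytes."""
    return password.encode() in pdu


if __name__ == "__main__":
    dn = "cn=admin,ou=People,dc=digiterra,dc=com"
    simple = simple_bind_request(1, dn, "s3cret")
    plain = sasl_bind_request(2, "PLAIN", sasl_plain_credentials("admin", "s3cret"))
    for name, pdu in (("simple", simple), ("SASL/PLAIN", plain)):
        print(name, pdu.hex(), parse_bind_request(pdu),
              "password in clear:", password_on_wire(pdu, "s3cret"))
```

The point for the thread: switching from `-x` to SASL/PLAIN changes how the server identifies the user (a SASL authcid rather than a bind DN), but not the confidentiality of the password, which travels in clear text in both cases. Whichever bind the poster ends up with, it belongs under TLS (the `-ZZ` start-TLS option to ldapsearch, or an ldaps:// URI) before it is used for PAM logins over a network.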