LDAP+SASL
 

Hi gurus,

I'm attempting to set up LDAP and I've run into a snag. Linux clients
bind fine without SASL, but a Mac client is trying to bind with it. My
understanding is that this is because slapd is advertising SASL as a
valid authentication mechanism, and so the Macs see that and are running
with it.

I've attempted to set up SASL -- I've created the /etc/sasldb2 with my
directory admin's password:

saslpasswd2 -c <diradmin>
Password: <diradmin's password>
Again (for verification): <diadmin's password>

And I've set up a sasl-regexp:

sasl-regexp uid=(.*),cn=.*,cn=auth
uid=$1,ou=People,dc=nimbios,dc=org

But when I try to bind the client, I get the following in my log file:

slapd[6200]: <= bdb_equality_candidates: (ou) not indexed
slapd[6200]: SASL [conn=9] Failure: no secret in database

So I have two options -- either figure out how to set up SASL properly,
or figure out how to tell slapd to tell the Mac client that SASL is not
one of the valid authentication mechanisms (and then use SSL for
encryption).

Can anyone lend me a hand?

Michael


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users