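Problem adding DIGEST-MD5 authentication to OpenLDAP
leuzz 2012-03-17 11:20:14
My OpenLDAP server is already set up, but at the moment it only supports anonymous login. Now I want to add SASL DIGEST-MD5 authentication.
slapd.conf configuration: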
database bdb
suffix "dc=it,dc=com"
rootdn "cn=root,dc=it,dc=com"
sasl-regexp
    uid=(.*),cn=digest-md5,cn=auth
    uid=$1,dc=it,dc=com
I used saslpasswd2 -c qq (password set to 123); the password was saved to /etc/sasldb2
A record for the user qq has already been added in LDAP
linux:~ # ldapsearch -b "dc=it,dc=com" -x
# extended LDIF
#
# LDAPv3
# base <dc=it,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# it.com
dn: dc=it,dc=com
objectClass: dcObject
objectClass: organization
dc: it
o: Corporation
description: d Corporation
# qq, it.com
dn: uid=qq,dc=it,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: qq
cn: qq
sn: qq
telephoneNumber: 138888888
userPassword:: e1NTSEF9V0I4cnRjTUVlK2d5Q09tQktERUNaQVB5NDQyMW5aT0k=
When using the MD5 method:
linux:~ # ldapsearch -D "uid=qq,dc=it,dc=com" -Y digest-md5 -U qq
(entered the password 123)
Message: ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
The following command shows that a password for qq has been saved, but it still does not work
linux:~ # sasldblistusers2
mike@linux: userPassword
qq@linux: userPassword
root@linux: userPassword
mike@linux: cmusaslsecretOTP
qq@linux: cmusaslsecretOTP
root@linux: cmusaslsecretOTP
I hope someone who has used this feature can help analyze this.
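
Added example, not part of the original post: it replays the post's sasl-regexp against the two authentication request DN shapes described in the OpenLDAP Admin Guide (with and without a realm RDN) and reads the realm under which the sasldblistusers2 listing stores each secret. The function names are hypothetical, Python's re stands in for slapd's POSIX regex matching, and whether slapd includes a realm RDN on this server is an assumption to check.

```python
import re

# sasl-regexp from the post's slapd.conf: match pattern and replacement template.
MATCH = r"uid=(.*),cn=digest-md5,cn=auth"
REPLACE = "uid=$1,dc=it,dc=com"

# sasldblistusers2 output copied from the post.
SASLDB_LISTING = """\
mike@linux: userPassword
qq@linux: userPassword
root@linux: userPassword
mike@linux: cmusaslsecretOTP
qq@linux: cmusaslsecretOTP
root@linux: cmusaslsecretOTP
"""


def auth_dn(user, mech, realm=None):
    """SASL authentication request DN; realm RDN only for a non-default realm."""
    parts = [f"uid={user}"]
    if realm:
        parts.append(f"cn={realm}")
    parts += [f"cn={mech.lower()}", "cn=auth"]
    return ",".join(parts)


def map_dn(dn, match=MATCH, replace=REPLACE):
    """Expand the template on a match, else None (re approximates POSIX ERE)."""
    m = re.search(match, dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)


def realms_with_secret(listing, user, prop="userPassword"):
    """Return the realms under which sasldb holds `prop` for `user`."""
    realms = set()
    for line in listing.splitlines():
        ident, _, found = line.partition(":")
        name, _, realm = ident.strip().partition("@")
        if name == user and found.strip() == prop:
            realms.add(realm)
    return realms


if __name__ == "__main__":
    print(map_dn(auth_dn("qq", "DIGEST-MD5")))           # no realm RDN
    print(map_dn(auth_dn("qq", "DIGEST-MD5", "linux")))  # realm RDN present
    print(realms_with_secret(SASLDB_LISTING, "qq"))
```

When the request DN carries a realm RDN, the greedy `(.*)` captures `qq,cn=linux`, so the mapped DN is no longer the `uid=qq,dc=it,dc=com` entry shown in the search output.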