...
Config OpenLDAP DIGEST-MD5
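1. Edit /etc/openldap/slapd.conf and add the following:

```
# DIGEST-MD5 needs the plaintext secret, so passwords set through the
# Password Modify operation are stored unhashed in userPassword.
password-hash {CLEARTEXT}
# SASL realm; it appears as cn=dell-d830 in the SASL authentication DN.
sasl-realm dell-d830
# Map uid=<name>,cn=dell-d830,cn=digest-md5,cn=auth to the entry under o=langhua,c=cn with that uid.
authz-regexp uid=([^,]*),cn=dell-d830,cn=digest-md5,cn=auth ldap:///o=langhua,c=cn??sub?(uid=$1)
```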
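How the `authz-regexp` rule turns a SASL name into a directory search, as an added example that is not from the original page. It is a simplified Python model: `sasl_auth_dn`, `rewrite`, `search_params` and `resolve` are hypothetical helper names, lower-casing stands in for slapd's DN normalization, and `re.search` stands in for slapd's own regex matching.

```python
import re

# The two authz-regexp arguments from this page's slapd.conf: <match> <replace>
MATCH = r"uid=([^,]*),cn=dell-d830,cn=digest-md5,cn=auth"
REPLACE = "ldap:///o=langhua,c=cn??sub?(uid=$1)"

def sasl_auth_dn(authcid, mech, realm=None):
    """Authentication DN of the form uid=<id>[,cn=<realm>],cn=<mech>,cn=auth.
    Lower-casing stands in for slapd's DN normalization (simplification)."""
    rdns = ["uid=" + authcid]
    if realm:
        rdns.append("cn=" + realm)
    rdns += ["cn=" + mech, "cn=auth"]
    return ",".join(rdns).lower()

def rewrite(auth_dn):
    """Apply the rule: on a match the result is REPLACE with $1 filled in."""
    m = re.search(MATCH, auth_dn)  # assumption: models slapd's regex match
    if m is None:
        return None  # no rule matched; the name is not mapped to an entry
    return REPLACE.replace("$1", m.group(1))

def search_params(url):
    """Split ldap:///<base>?<attrs>?<scope>?<filter> into search parameters."""
    if not url.startswith("ldap:///"):
        raise ValueError("expected an ldap:/// URL")
    base, attrs, scope, flt = url[len("ldap:///"):].split("?", 3)
    return {"base": base, "attrs": attrs, "scope": scope, "filter": flt}

def resolve(authcid, mech, realm=None):
    """Return the internal search slapd would run for this bind, or None."""
    url = rewrite(sasl_auth_dn(authcid, mech, realm))
    return None if url is None else search_params(url)

if __name__ == "__main__":
    print(resolve("test", "DIGEST-MD5", "dell-d830"))  # mapped to a subtree search
    print(resolve("test", "DIGEST-MD5"))               # no realm: rule does not match
    print(resolve("test", "CRAM-MD5", "dell-d830"))    # other mechanism: no match
```

A client that binds without the `dell-d830` realm, or with another mechanism, produces a DN this rule does not match, so the name is never mapped to an entry under `o=langhua,c=cn`.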
...
```
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on 1 descriptor
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on:
Feb 8 03:48:47 localhost slapd[11389]:
Feb 8 03:48:47 localhost slapd[11389]: slap_listener_activate(7):
Feb 8 03:48:47 localhost slapd[11389]: >>> slap_listener(ldap:///)
Feb 8 03:48:47 localhost slapd[11389]: daemon: listen=7, new connection on 12
Feb 8 03:48:47 localhost slapd[11389]: daemon: added 12r (active) listener=(nil)
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on 1 descriptor
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on:
Feb 8 03:48:47 localhost slapd[11389]:
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on 1 descriptor
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on:
Feb 8 03:48:47 localhost slapd[11389]: 12r
Feb 8 03:48:47 localhost slapd[11389]:
Feb 8 03:48:47 localhost slapd[11389]: daemon: read active on 12
Feb 8 03:48:47 localhost slapd[11389]: connection_get(12)
Feb 8 03:48:47 localhost slapd[11389]: connection_get(12): got connid=0
Feb 8 03:48:47 localhost slapd[11389]: connection_read(12): checking for input on id=0
Feb 8 03:48:47 localhost slapd[11389]: conn=0 op=0 do_bind
Feb 8 03:48:47 localhost slapd[11389]: >>> dnPrettyNormal: <>
Feb 8 03:48:47 localhost slapd[11389]: <<< dnPrettyNormal: <>, <>
Feb 8 03:48:47 localhost slapd[11389]: do_bind: dn () SASL mech DIGEST-MD5
Feb 8 03:48:47 localhost slapd[11389]: ==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
Feb 8 03:48:47 localhost slapd[11389]: SASL [conn=0] Debug: DIGEST-MD5 server step 1
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_sasl: err=14 len=182
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_response: msgid=1 tag=97 err=14
Feb 8 03:48:47 localhost slapd[11389]: <== slap_sasl_bind: rc=14
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on 1 descriptor
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on:
Feb 8 03:48:47 localhost slapd[11389]:
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on 1 descriptor
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on:
Feb 8 03:48:47 localhost slapd[11389]: 12r
Feb 8 03:48:47 localhost slapd[11389]:
Feb 8 03:48:47 localhost slapd[11389]: daemon: read active on 12
Feb 8 03:48:47 localhost slapd[11389]: connection_get(12)
Feb 8 03:48:47 localhost slapd[11389]: connection_get(12): got connid=0
Feb 8 03:48:47 localhost slapd[11389]: connection_read(12): checking for input on id=0
Feb 8 03:48:47 localhost slapd[11389]: conn=0 op=1 do_bind
Feb 8 03:48:47 localhost slapd[11389]: >>> dnPrettyNormal: <>
Feb 8 03:48:47 localhost slapd[11389]: <<< dnPrettyNormal: <>, <>
Feb 8 03:48:47 localhost slapd[11389]: do_bind: dn () SASL mech DIGEST-MD5
Feb 8 03:48:47 localhost slapd[11389]: ==> sasl_bind: dn="" mech=<continuing> datalen=255
Feb 8 03:48:47 localhost slapd[11389]: SASL [conn=0] Debug: DIGEST-MD5 server step 2
Feb 8 03:48:47 localhost slapd[11389]: SASL Canonicalize [conn=0]: authcid="test"
Feb 8 03:48:47 localhost slapd[11389]: slap_sasl_getdn: conn 0 id=test [len=5]
Feb 8 03:48:47 localhost slapd[11389]: slap_sasl_getdn: u:id converted to uid=test,cn=dell-d830,cn=DIGEST-MD5,cn=auth
Feb 8 03:48:47 localhost slapd[11389]: >>> dnNormalize: <uid=test,cn=dell-d830,cn=DIGEST-MD5,cn=auth>
Feb 8 03:48:47 localhost slapd[11389]: <<< dnNormalize: <uid=test,cn=dell-d830,cn=digest-md5,cn=auth>
Feb 8 03:48:47 localhost slapd[11389]: ==>slap_sasl2dn: converting SASL name uid=test,cn=dell-d830,cn=digest-md5,cn=auth to a DN
Feb 8 03:48:47 localhost slapd[11389]: [rw] authid: "uid=test,cn=dell-d830,cn=digest-md5,cn=auth" -> "ldap:///o=langhua,c=cn??sub?(uid=test)"
Feb 8 03:48:47 localhost slapd[11389]: slap_parseURI: parsing ldap:///o=langhua,c=cn??sub?(uid=test)
Feb 8 03:48:47 localhost slapd[11389]: str2filter "(uid=test)"
Feb 8 03:48:47 localhost slapd[11389]: begin get_filter
Feb 8 03:48:47 localhost slapd[11389]: EQUALITY
Feb 8 03:48:47 localhost slapd[11389]: end get_filter 0
Feb 8 03:48:47 localhost slapd[11389]: >>> dnNormalize: <o=langhua,c=cn>
Feb 8 03:48:47 localhost slapd[11389]: <<< dnNormalize: <o=langhua,c=cn>
Feb 8 03:48:47 localhost slapd[11389]: slap_sasl2dn: performing internal search (base=o=langhua,c=cn, scope=2)
Feb 8 03:48:47 localhost slapd[11389]: => bdb_search
Feb 8 03:48:47 localhost slapd[11389]: bdb_dn2entry("o=langhua,c=cn")
Feb 8 03:48:47 localhost slapd[11389]: => bdb_dn2id("o=langhua,c=cn")
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_dn2id: got id=0x1
Feb 8 03:48:47 localhost slapd[11389]: entry_decode: "o=langhua,c=cn"
Feb 8 03:48:47 localhost slapd[11389]: <= entry_decode(o=langhua,c=cn)
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access to "o=langhua,c=cn" "entry" requested
Feb 8 03:48:47 localhost slapd[11389]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access granted by read(=rscxd)
Feb 8 03:48:47 localhost slapd[11389]: search_candidates: base="o=langhua,c=cn" (0x00000001) scope=2
Feb 8 03:48:47 localhost slapd[11389]: => bdb_dn2idl("o=langhua,c=cn")
Feb 8 03:48:47 localhost slapd[11389]: => bdb_filter_candidates
Feb 8 03:48:47 localhost slapd[11389]: #011AND
Feb 8 03:48:47 localhost slapd[11389]: => bdb_list_candidates 0xa0
Feb 8 03:48:47 localhost slapd[11389]: => bdb_filter_candidates
Feb 8 03:48:47 localhost slapd[11389]: #011OR
Feb 8 03:48:47 localhost slapd[11389]: => bdb_list_candidates 0xa1
Feb 8 03:48:47 localhost slapd[11389]: => bdb_filter_candidates
Feb 8 03:48:47 localhost slapd[11389]: #011EQUALITY
Feb 8 03:48:47 localhost slapd[11389]: => bdb_equality_candidates (objectClass)
Feb 8 03:48:47 localhost slapd[11389]: => key_read
Feb 8 03:48:47 localhost slapd[11389]: bdb_idl_fetch_key: [b49d1940]
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_index_read: failed (-30989)
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_equality_candidates: id=0, first=0, last=0
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_filter_candidates: id=0 first=0 last=0
Feb 8 03:48:47 localhost slapd[11389]: => bdb_filter_candidates
Feb 8 03:48:47 localhost slapd[11389]: #011EQUALITY
Feb 8 03:48:47 localhost slapd[11389]: => bdb_equality_candidates (uid)
Feb 8 03:48:47 localhost slapd[11389]: => key_read
Feb 8 03:48:47 localhost slapd[11389]: bdb_idl_fetch_key: [36e55cac]
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_index_read 1 candidates
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_equality_candidates: id=1, first=79, last=79
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_filter_candidates: id=1 first=79 last=79
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_list_candidates: id=1 first=79 last=79
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_filter_candidates: id=1 first=79 last=79
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_list_candidates: id=1 first=79 last=79
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_filter_candidates: id=1 first=79 last=79
Feb 8 03:48:47 localhost slapd[11389]: bdb_search_candidates: id=1 first=79 last=79
Feb 8 03:48:47 localhost slapd[11389]: entry_decode: "uid=test,ou=beijing,o=langhua,c=cn"
Feb 8 03:48:47 localhost slapd[11389]: <= entry_decode(uid=test,ou=beijing,o=langhua,c=cn)
Feb 8 03:48:47 localhost slapd[11389]: => bdb_dn2id("ou=beijing,o=langhua,c=cn")
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_dn2id: got id=0x3
Feb 8 03:48:47 localhost slapd[11389]: => bdb_dn2id("uid=test,ou=beijing,o=langhua,c=cn")
Feb 8 03:48:47 localhost slapd[11389]: <= bdb_dn2id: got id=0x4f
Feb 8 03:48:47 localhost slapd[11389]: => test_filter
Feb 8 03:48:47 localhost slapd[11389]: EQUALITY
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access to "uid=test,ou=beijing,o=langhua,c=cn" "uid" requested
Feb 8 03:48:47 localhost slapd[11389]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access granted by read(=rscxd)
Feb 8 03:48:47 localhost slapd[11389]: <= test_filter 6
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_result: conn=0 op=1 p=3
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_result: err=0 matched="" text=""
Feb 8 03:48:47 localhost slapd[11389]: <==slap_sasl2dn: Converted SASL name to uid=test,ou=beijing,o=langhua,c=cn
Feb 8 03:48:47 localhost slapd[11389]: slap_sasl_getdn: dn:id converted to uid=test,ou=beijing,o=langhua,c=cn
Feb 8 03:48:47 localhost slapd[11389]: SASL Canonicalize [conn=0]: slapAuthcDN="uid=test,ou=beijing,o=langhua,c=cn"
Feb 8 03:48:47 localhost slapd[11389]: => bdb_search
Feb 8 03:48:47 localhost slapd[11389]: bdb_dn2entry("uid=test,ou=beijing,o=langhua,c=cn")
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access to "uid=test,ou=beijing,o=langhua,c=cn" "entry" requested
Feb 8 03:48:47 localhost slapd[11389]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access granted by read(=rscxd)
Feb 8 03:48:47 localhost slapd[11389]: base_candidates: base: "uid=test,ou=beijing,o=langhua,c=cn" (0x0000004f)
Feb 8 03:48:47 localhost slapd[11389]: => test_filter
Feb 8 03:48:47 localhost slapd[11389]: PRESENT
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access to "uid=test,ou=beijing,o=langhua,c=cn" "objectClass" requested
Feb 8 03:48:47 localhost slapd[11389]: => slap_access_allowed: backend default auth access granted to "(anonymous)"
Feb 8 03:48:47 localhost slapd[11389]: => access_allowed: auth access granted by read(=rscxd)
Feb 8 03:48:47 localhost slapd[11389]: <= test_filter 6
Feb 8 03:48:47 localhost slapd[11389]: slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_result: conn=0 op=1 p=3
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_result: err=0 matched="" text=""
Feb 8 03:48:47 localhost slapd[11389]: SASL Canonicalize [conn=0]: authzid="test"
Feb 8 03:48:47 localhost slapd[11389]: SASL proxy authorize [conn=0]: authcid="test@dell-d830" authzid="test@dell-d830"
Feb 8 03:48:47 localhost slapd[11389]: SASL Authorize [conn=0]: proxy authorization allowed authzDN=""
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on 1 descriptor
Feb 8 03:48:47 localhost slapd[11389]: daemon: activity on:
Feb 8 03:48:47 localhost slapd[11389]:
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_sasl: err=0 len=40
Feb 8 03:48:47 localhost slapd[11389]: do_bind: SASL/DIGEST-MD5 bind: dn="uid=test,ou=beijing,o=langhua,c=cn" sasl_ssf=0
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_response: msgid=2 tag=97 err=0
Feb 8 03:48:47 localhost slapd[11389]: <== slap_sasl_bind: rc=0
```
That's it. Good luck!
Shi Yusen/Beijing Langhua Ltd.
http://www.langhua.cn/
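For the slapd debug trace of the DIGEST-MD5 bind shown above, the lines worth checking are the two-step result codes, the `authz-regexp` rewrite, the bound DN and `sasl_ssf`. The following added example is not part of the original page; it pulls those out of the log and flags what a reviewer would look for. `summarize_bind` is a hypothetical helper that assumes one connection per log excerpt, and the sample is a handful of lines excerpted from the trace.

```python
import re

# Constructed sample: seven lines excerpted from the slapd debug log on this page.
SAMPLE = """\
Feb 8 03:48:47 localhost slapd[11389]: do_bind: dn () SASL mech DIGEST-MD5
Feb 8 03:48:47 localhost slapd[11389]: send_ldap_sasl: err=14 len=182
Feb 8 03:48:47 localhost slapd[11389]: <== slap_sasl_bind: rc=14
Feb 8 03:48:47 localhost slapd[11389]: SASL Canonicalize [conn=0]: authcid="test"
Feb 8 03:48:47 localhost slapd[11389]: [rw] authid: "uid=test,cn=dell-d830,cn=digest-md5,cn=auth" -> "ldap:///o=langhua,c=cn??sub?(uid=test)"
Feb 8 03:48:47 localhost slapd[11389]: do_bind: SASL/DIGEST-MD5 bind: dn="uid=test,ou=beijing,o=langhua,c=cn" sasl_ssf=0
Feb 8 03:48:47 localhost slapd[11389]: <== slap_sasl_bind: rc=0
"""

PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+slapd\[\d+\]:\s?(.*)$")
AUTHCID = re.compile(r'SASL Canonicalize \[conn=\d+\]: authcid="([^"]*)"')
REWRITE = re.compile(r'\[rw\] authid: "([^"]*)" -> "([^"]*)"')
BOUND = re.compile(r'do_bind: SASL/(\S+) bind: dn="([^"]*)" sasl_ssf=(\d+)')
RC = re.compile(r"<== slap_sasl_bind: rc=(\d+)")

def summarize_bind(log_text):
    """Summarize one SASL bind (single connection) from slapd debug output."""
    s = {"authcid": None, "rewrite": None, "mech": None, "dn": None,
         "sasl_ssf": None, "rcs": [], "findings": []}
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a slapd syslog line
        msg = m.group(1)
        if (hit := AUTHCID.search(msg)):
            s["authcid"] = hit.group(1)
        elif (hit := REWRITE.search(msg)):
            s["rewrite"] = hit.groups()
        elif (hit := BOUND.search(msg)):
            s["mech"], s["dn"] = hit.group(1), hit.group(2)
            s["sasl_ssf"] = int(hit.group(3))
        elif (hit := RC.search(msg)):
            s["rcs"].append(int(hit.group(1)))
    # rc=14 is LDAP_SASL_BIND_IN_PROGRESS (challenge sent); rc=0 is success.
    if not s["rcs"] or s["rcs"][-1] != 0:
        s["findings"].append("bind did not complete with rc=0")
    if s["rewrite"] is None:
        s["findings"].append("no authz-regexp rewrite was logged")
    if s["sasl_ssf"] == 0:
        s["findings"].append("sasl_ssf=0: no SASL security layer on this connection")
    return s
```

On the trace above the bind completes (`rc=14` then `rc=0`) and maps to `uid=test,ou=beijing,o=langhua,c=cn`, with the single finding that `sasl_ssf=0`.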