On 4/22/06, Dan Nicholson <dbn.lists@xxxxxxxxx> wrote:
> On 4/22/06, Dan Nicholson <dbn.lists@xxxxxxxxx> wrote:
> >
> > Patrick, I'm going to assume that I have the same setup as you since I
> > took mine entirely from the Book of Postfix. I was having the same
> > problems with openldap-2.3.x, but I think I've solved the problem.
> > The big thing was getting the regexp in /etc/openldap/slapd.conf to
> > work correctly. Now, ldapwhoami checks out as well as ldapdb
> > authorization through the cyrus-sasl client/server utilities.
>
> I lied. That worked when I only had one user under ou=people. Now I
> have two, and one authenticates and one doesn't. I'm baffled. Here's
> some output trying to authenticate through ldapwhoami with the
> troublesome user.
>
> $ ldapwhoami -Y DIGEST-MD5 -U proxy -X u:dan
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Insufficient access (50)
> additional info: SASL(-14): authorization failure: not authorized

Changing my proxy user authzTo to this regex solved the ldapwhoami problem.

authzTo: dn.regex:uid=[^,]*,ou=people,dc=foo,dc=com

cyrus-sasl-2.1.21 server/client utilities now work too with ldapdb.

--
Dan