[英]OpenLDAP SASL Authentication
I'm setting up this authentication through OpenLDAP: 我正在通过OpenLDAP设置此身份验证:
OpenLDAP -> Pass-through (External authentication) -> SASL -> PAM -> RSA Agent OpenLDAP->传递(外部身份验证)-> SASL-> PAM-> RSA代理
In order to access to an application via a RSA Token. 为了通过RSA令牌访问应用程序。
Starting from the bottom to the top: 从底部到顶部:
This is my PAM configuration: 这是我的PAM配置:
#%PAM-1.0
auth required pam_securid.so
account sufficient pam_ldap.so
account include password-auth
password sufficient pam_ldap.so
password include password-auth
This test works great: 该测试效果很好:
[root@ldap ~]# testsaslauthd -u goingsolo -p 11111111
0: OK "Success."
OpenLdap is correctly configured to works with the SASL Authenticatino in PLAIN: OpenLdap已正确配置为可与PLAIN中的SASL Authenticatino配合使用:
[root@ldap /]# ldapsearch -h localhost -b "" -LLL -s base supportedSASLMechanisms -x
dn:
supportedSASLMechanisms: PLAIN
And the userPassword
of my goingsolo user is configured with {SASL}goingsolo
And if I do a SASL bind it works: 我的goingsolo用户的
userPassword
配置为{SASL}goingsolo
。如果我执行SASL绑定,它可以工作:
[root@datap-keldap-1-n01 /]# ldapsearch -h localhost -b dc=ldap,dc=com -U "goingsolo" -w 11111111
SASL/PLAIN authentication started
0: OK "Success."
The problem is when I perform a simple bind with -D instead of -U, I receive invalid credentials: 问题是,当我使用-D而不是-U执行简单绑定时,收到无效的凭据:
[root@datap-keldap-1-n01 /]# ldapsearch -h localhost -b dc=ldap,dc=com -D "cn=goingsolo,ou=People,dc=ldap,dc=com" -w 11111111
ldap_bind: Invalid credentials (49)
Also when performing a sasl bind with the full dn, the authentication fails because from the /var/lag/messages: 同样,当使用完整的dn执行sasl绑定时,由于/ var / lag / messages中的消息,身份验证失败:
Mar 27 19:01:00 ldap saslauthd[11777]: do_auth : auth failure: [user=cn=goingsolo,ou=People,dc=ldap,dc=com] [service=ldap] [realm=] [mech=pam] [reason=PAM auth error]
I guess this is because it does not a translate from the full dn to the simple user (goingsolo). 我猜这是因为它不是从完整dn到简单用户(goingsolo)的转换。
Any tips on what should I check? 关于应该检查什么的任何提示?
The problem was how OpenLdap was build (I guess wrong compiling). 问题在于OpenLdap的构建方式(我猜编译有误)。 I tryed to reinstall it and then it worked.
我试图重新安装它,然后它起作用了。 Be sure the SASL machanism is set to plain.
确保将SASL机制设置为简单。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.