
Re: SASL Authentication against LDAP



Hi,

thanks for the tips. Now it seems that SASL connects to LDAP and
authenticates when I use the testsasl proggy. But Cyrus does not
seem to use this method. Have you got an idea what went wrong?

My imapd.conf looks now like this:
postmaster: postmaster
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
pwcheck_method: saslauthd
tls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
sasl_passwd_check: saslauthd
sasl_ldap_servers: localhost
sasl_ldap_bind_dn: uid=manager, ou=users, dc=wizards, dc=at
sasl_ldap_bind_pw: mysecretpassword

When I try to connect to localhost with the root account, the following
happens:
p15090634:~ # cyradm
cyradm> connect localhost
IMAP Password:Login failed: user not found at /usr/lib/perl5/site_perl/5.6.0/i586-linux/Cyrus/IMAP/Admin.pm line 78
server: localhost: cannot authenticate
localhost.localdomain>

and the connection results in these messages:
Aug  6 22:42:31 p15090634 master[846]: process 858 exited, status 0
Aug  6 22:42:31 p15090634 ctl_cyrusdb[857]: done checkpointing cyrus databases
Aug  6 22:42:31 p15090634 master[846]: process 857 exited, status 0
Aug  6 22:42:38 p15090634 master[861]: about to exec /usr/cyrus/bin/imapd
Aug  6 22:42:38 p15090634 imap[861]: executed
Aug  6 22:42:38 p15090634 imapd[861]: accepted connection
Aug  6 22:42:47 p15090634 imapd[861]: badlogin: localhost.localdomain[127.0.0.1] plaintext root SASL(-13): user not found: checkpass failed

I've also configured /usr/local/etc/saslauthd.conf like this:
ldap_servers: ldap://localhost/
ldap_bind_dn: cn=manager, ou=users, dc=wizards, dc=at
ldap_bind_pw: mysecretpassword
ldap_version: 3
ldap_search_base: dc=wizards, dc=at
ldap_verbose: on
ldap_debug: 3


Greetings, Lothar

On Tue, Aug 06, 2002 at 10:17:19AM -0400, Igor Brezac wrote:
> 
> On Tue, 6 Aug 2002, Lothar Handl wrote:
> 
> > Hello.
> >
> > First of all, I am new to this list and I hope not to be off topic
> > with my question.
> > On my system I try to install Cyrus IMAP and want to authenticate
> > against my LDAP tree. I tried to configure SASL with the LDAP Patch
> > directly, but I could not compile it on my SuSE 7.2 Linux. So I chose
> > to use SASL2 and authenticate via PAM, but it does not seem even to
> > ask PAM. My imapd.conf looks like this:
> >
> > postmaster: postmaster
> > configdirectory: /var/imap
> > partition-default: /var/spool/imap
> > admins: cyrus root
> > allowanonymouslogin: no
> > allowplaintext: yes
> > sasl_mech_list: PLAIN
> > srvtab: /var/imap/srvtab
> > sasl_passwd_check: pam
> > tls_ca_file: /var/imap/server.pem
> > tls_cert_file: /var/imap/server.pem
> > tls_key_file: /var/imap/server.pem
> >
> > I followed the instructions in the Cyrus IMAP Howto on tldp.org. I
> > don't think the failure lies in LDAP directly because nss_ldap and
> > pam_ldap seem to work on my system.
> > I hope you can help me. Do you have a recipe or something like that?
> > Indeed I am not happy with SASL and hope to find another way of doing it.
> >
> 
> pam is not a valid sasl_passwd_check in sasl v2.  You need to use
> sasl_passwd_check: saslauthd.  You also need to start 'saslauthd -a
> pam'.
> 
> Alternatively, you can try to use ldap support in saslauthd.  You will
> need to download the latest cyrus-sasl from
> http://asg.web.cmu.edu/cyrus/download/.  The saslauthd ldap docs were
> omitted from this release, but you can find them in CVS,
> http://bugzilla.andrew.cmu.edu/cvsweb/src/sasl/saslauthd/LDAP_SASLAUTHD?rev=1.3&content-type=text/x-cvsweb-markup
> 
> -- 
> Igor
>
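
Added example, not part of the original thread and not code from the Cyrus project: a small cross-check of the LDAP bind settings in the two files posted above, which reports where the `sasl_ldap_*` keys in imapd.conf and the `ldap_*` keys in saslauthd.conf disagree. Pairing the keys by stripping the `sasl_` prefix, and the simplified DN and server normalisation, are assumptions of this example; the sample input is constructed from the values in the message.

```python
# Constructed sample input: LDAP-related lines copied from the message above.
IMAPD_CONF = """\
sasl_ldap_servers: localhost
sasl_ldap_bind_dn: uid=manager, ou=users, dc=wizards, dc=at
sasl_ldap_bind_pw: mysecretpassword
"""
SASLAUTHD_CONF = """\
ldap_servers: ldap://localhost/
ldap_bind_dn: cn=manager, ou=users, dc=wizards, dc=at
ldap_bind_pw: mysecretpassword
ldap_search_base: dc=wizards, dc=at
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def norm_dn(dn):
    """Simplified DN normalisation (assumes no escaped commas): fold case, trim spaces."""
    parts = [rdn.partition("=") for rdn in dn.split(",")]
    return ",".join(f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in parts)

def norm_server(value):
    """Reduce 'localhost' and 'ldap://localhost/' to the same host string."""
    v = value.lower()
    return (v[7:] if v.startswith("ldap://") else v).rstrip("/")

def compare(imapd_text, saslauthd_text):
    """Return (key, imapd value, saslauthd value) for each shared ldap_* key that differs."""
    imapd, sasl = parse_conf(imapd_text), parse_conf(saslauthd_text)
    normalisers = {"ldap_bind_dn": norm_dn, "ldap_servers": norm_server}
    diffs = []
    for key, sval in sasl.items():
        ival = imapd.get("sasl_" + key)  # assumed pairing: sasl_<key> <-> <key>
        norm = normalisers.get(key, str)
        if ival is not None and norm(ival) != norm(sval):
            diffs.append((key, ival, sval))
    return diffs

if __name__ == "__main__":
    for key, ival, sval in compare(IMAPD_CONF, SASLAUTHD_CONF):
        print(f"{key}: imapd.conf has {ival!r}, saslauthd.conf has {sval!r}")
```

On the posted values this reports only the bind DN (`uid=manager` in imapd.conf, `cn=manager` in saslauthd.conf); it lists differences and does not say which setting the running daemons actually read.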