[Date Prev][Date Next] [Chronological] [Thread] [Top]

Can't get password passthrough to work with openldap

To: openldap-technical@openldap.org, 4krishan@gmail.com
Subject: Can't get password passthrough to work with openldap
From: k pur <4krishan@gmail.com>
Date: Tue, 16 Mar 2010 10:28:22 +0000
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=XoE3XSYX8OYCe4HriWKMzrETca0CzCuviY706tZK8mc=; b=qfXuihSqmr86+lUSMaoldkgefjq1kzma4jCDdkmsfYGbacZBXoQFxzWs42s0rLuXnz J0yj3JeSRAVVt8dMwdkWJm6YR2b+BYZyHwnJCgil19vKVp8pHOqhF+P0Y2Ybqlymuizn 5TAXxsUwru1iym/L6xF//CATIV8S10VYXmhxA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=adjDGeT5JSYvPZjBakxUotKR5XRUgEh9d0wboOPWaGNa0uBiax+B6iUsJfnUbbHkBj mC0ofFqv7k685cdvBE7jI8xZBSp0woZsUDVt1v867ODMXZdlqtiAyUhMCDafNHxK/aXF pK3dWssi8oc13qEt2IZHGxcXB7NBSjCdnEDcA=

Hi,
   I am trying to get Pass-Through authentication to work for password
   verification.

   Following the 'Pass-Through authentication' (14.5) in the openldap 2.4
   admin guide, I hve configured saslauthd and slapd.conf (sasl) and

   managed to successfully authenticate with Active Directory (AD) using 
   the 'testsaslauthd' utility.

   Setting a user password in my openldap database in the form

   dn: uid=user,ou=org,dc=org.com

   userPassword: {SASL}joe@ad.example.com

   where joe@ad.example.com is the userPrincipalName defined for this

   user in AD.

   I can't authenticate, when using the ldapsearch command

     $ ldapsearch -x -v -D 'uid=joe,ou=people,dc=myorg.com' -W -h ldaphost

     Comes up with error (49)


     I have enabled --enable-spasswd --with-cyrus-sasl when compiling openldap


     Has anybody configured this type of setup successfully?

     My question is - how do I configure my openldap server to talk to

     'saslauthd' - which openldap's passthrough delegates password
     authentication to, when the userpassword is in the form
               
	       userPassword: {SASL}joe@ad.example.com


     Do I need to have some extra configurations in my openldap slapd.conf
     file? Currently I only have sasl-host and sasl-secprops defined, as:-

        sasl-host 127.0.0.1  # (where my openldap server runs as well)

        sasl-secprops none


     Do I need to do any auth-regex for any translation?


     This is my openldap entry for user joe

     dn: uid=joe,ou=people,dc=myorg.com           

     objectclass: top
     objectclass: person
     objectclass: organizationalPerson
     objectclass: inetOrgPerson
     cn: Joe
     sn: Bloggs
     telephoneNumber: 3333
     userPassword: {SASL}joe@ad.example.com

     physicalDeliveryOfficeName: J2B/1
     givenName: joe
     uid: joe


     Below is my /usr/lib/sasl2/slapd.conf file
    
     mech_list: plain
     pwcheck_method: saslauthd
     saslauthd_path: /var/run/saslauthd/mux



     Below is my /etc/saslauthd.conf  file

    ldap_servers: ldap://ad.example.com:389

    ldap_search_base: ou=People,dc=ad,dc=example,dc=com
    ldap_filter: (userPrincipalName=%u)


    ldap_bind_dn: cn=admin,cn=Users,dc=ad,dc=example,dc=com
    ldap_password: mypassword


     Any help will be greatly appreciated.


     Many Thanks

     krishan

Follow-Ups:
- Re: Can't get password passthrough to work with openldap
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: LDAP_AUTH_METHOD_NOT_SUPPORTED with ldap_sasl_bind
Next by Date: Re: Can't get password passthrough to work with openldap
Index(es):
- Chronological
- Thread