
Re: SASL Authentication against LDAP



Add
sasl_pwcheck_method: saslauthd
to imapd.conf, restart imapd and hopefully it'll work.

-Igor


On Tue, 6 Aug 2002, Lothar Handl wrote:

> Hi,
>
> thanks for the tips. Now it seems that SASL connects to LDAP and
> authenticates when I use the testsasl proggy. But Cyrus does not
> seem to use this method. Have you got an idea what went wrong?
>
> My imapd.conf looks now like this:
> postmaster: postmaster
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus root
> pwcheck_method: saslauthd
> tls_ca_file: /var/imap/server.pem
> tls_cert_file: /var/imap/server.pem
> tls_key_file: /var/imap/server.pem
> sasl_passwd_check: saslauthd
> sasl_ldap_servers: localhost
> sasl_ldap_bind_dn: uid=manager, ou=users, dc=wizards, dc=at
> sasl_ldap_bind_pw: mysecretpassword
>
> When I try to connect to localhost with the root account, the following
> happens:
> p15090634:~ # cyradm
> cyradm> connect localhost
> IMAP Password:Login failed: user not found at /usr/lib/perl5/site_perl/5.6.0/i586-linux/Cyrus/IMAP/Admin.pm line 78
> server: localhost: cannot authenticate
> localhost.localdomain>
>
> and the connection results in these messages:
> Aug  6 22:42:31 p15090634 master[846]: process 858 exited, status 0
> Aug  6 22:42:31 p15090634 ctl_cyrusdb[857]: done checkpointing cyrus databases
> Aug  6 22:42:31 p15090634 master[846]: process 857 exited, status 0
> Aug  6 22:42:38 p15090634 master[861]: about to exec /usr/cyrus/bin/imapd
> Aug  6 22:42:38 p15090634 imap[861]: executed
> Aug  6 22:42:38 p15090634 imapd[861]: accepted connection
> Aug  6 22:42:47 p15090634 imapd[861]: badlogin: localhost.localdomain[127.0.0.1] plaintext root SASL(-13): user not found: checkpass failed
>
> I've also configured /usr/local/etc/saslauthd.conf like this:
> ldap_servers: ldap://localhost/
> ldap_bind_dn: cn=manager, ou=users, dc=wizards, dc=at
> ldap_bind_pw: mysecretpassword
> ldap_version: 3
> ldap_search_base: dc=wizards, dc=at
> ldap_verbose: on
> ldap_debug: 3
>
>
> Greetings, Lothar
>
> On Tue, Aug 06, 2002 at 10:17:19AM -0400, Igor Brezac wrote:
> >
> > On Tue, 6 Aug 2002, Lothar Handl wrote:
> >
> > > Hello.
> > >
> > > First of all, I am new to this list and I hope not to be off topic
> > > with my question.
> > > On my system I try to install Cyrus IMAP and want to authenticate
> > > against my LDAP tree. I tried to configure SASL with the LDAP Patch
> > > directly, but I could not compile it on my SuSE 7.2 Linux. So I chose
> > > to use SASL2 and authenticate via PAM, but it does not seem even to
> > > ask PAM. My imapd.conf looks like this:
> > >
> > > postmaster: postmaster
> > > configdirectory: /var/imap
> > > partition-default: /var/spool/imap
> > > admins: cyrus root
> > > allowanonymouslogin: no
> > > allowplaintext: yes
> > > sasl_mech_list: PLAIN
> > > srvtab: /var/imap/srvtab
> > > sasl_passwd_check: pam
> > > tls_ca_file: /var/imap/server.pem
> > > tls_cert_file: /var/imap/server.pem
> > > tls_key_file: /var/imap/server.pem
> > >
> > > I followed the instructions in the Cyrus IMAP Howto on tldp.org. I
> > > don't think the failure lies in LDAP directly because nss_ldap and
> > > pam_ldap seem to work on my system.
> > > I hope you can help me. Do you have a recipe or something like that?
> > > Indeed I am not happy with SASL and hope to find another way of doing it.
> > >
> >
> > pam is not a valid sasl_passwd_check in sasl v2.  You need to use
> > sasl_passwd_check: saslauthd.  You also need to start 'saslauthd -a
> > pam'.
> >
> > Alternatively, you can try to use ldap support in saslauthd.  You will
> > need to download the latest cyrus-sasl from
> > http://asg.web.cmu.edu/cyrus/download/.  The saslauthd ldap docs were
> > omitted from this release, but you can find them in CVS,
> > http://bugzilla.andrew.cmu.edu/cvsweb/src/sasl/saslauthd/LDAP_SASLAUTHD?rev=1.3&content-type=text/x-cvsweb-markup
> >
> > --
> > Igor
> >
>

-- 
Igor
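
An added example, not part of the original message and not Cyrus project code: a small Python check for the fix suggested in the reply above. It parses the `key: value` lines of an imapd.conf and reports when `sasl_pwcheck_method` is absent or set to something else, and flags the similar-looking keys from the quoted configuration. The function names, the lookalike list and the sample input are constructed for illustration.

```python
import re

WANTED_KEY = "sasl_pwcheck_method"   # option named in the reply
# Similar-looking keys taken from the quoted imapd.conf; flagging them
# as lookalikes is this example's assumption.
LOOKALIKES = {"pwcheck_method", "sasl_passwd_check"}

def parse_conf(text):
    """Return (lineno, key, value) for each 'key: value' line."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        m = re.match(r"([A-Za-z0-9_-]+)\s*:\s*(.*)$", line)
        if m:
            entries.append((n, m.group(1), m.group(2).strip()))
    return entries

def check_pwcheck(text, expected="saslauthd"):
    """List findings about the SASL password-check option."""
    findings, seen = [], False
    for n, key, value in parse_conf(text):
        if key in LOOKALIKES:
            findings.append(f"line {n}: '{key}' is not '{WANTED_KEY}'")
        elif key == WANTED_KEY:
            seen = True
            if value != expected:
                findings.append(
                    f"line {n}: '{key}' is '{value}', expected '{expected}'")
    if not seen:
        findings.append(f"missing '{WANTED_KEY}: {expected}'")
    return findings

# Constructed samples modelled on the configuration quoted in the thread.
BEFORE = (
    "admins: cyrus root\n"
    "pwcheck_method: saslauthd\n"
    "sasl_passwd_check: saslauthd\n"
)
AFTER = BEFORE + "sasl_pwcheck_method: saslauthd\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, check_pwcheck(conf) or "ok")
```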