
Re: SASL Authentication against LDAP



Hi,

that was a good hint, as well as the one from Igor. But there
is still a problem.

Aug  7 18:57:25 p15090634 slapd[18688]: daemon: conn=18 fd=21 connection from IP=127.0.0.1:35614 (IP=0.0.0.0:389) accepted.
Aug  7 18:57:25 p15090634 slapd[18701]: conn=18 op=0 BIND dn="" method=128
Aug  7 18:57:25 p15090634 slapd[18701]: conn=18 op=0 RESULT tag=97 err=0 text=
Aug  7 18:57:25 p15090634 slapd[18703]: conn=18 op=1 SRCH base="dc=wizards,dc=at" scope=2 filter="(uid=root)"
Aug  7 18:57:25 p15090634 slapd[18703]: conn=18 op=1 SEARCH RESULT tag=101 err=0 text=
Aug  7 18:57:25 p15090634 slapd[18701]: conn=18 op=2 BIND dn="CN=ROOT,OU=USERS,DC=WIZARDS,DC=AT" method=128
Aug  7 18:57:25 p15090634 slapd[18701]: conn=18 op=2 RESULT tag=97 err=0 text=
Aug  7 18:57:25 p15090634 slapd[18703]: conn=18 op=3 BIND dn="" method=128
Aug  7 18:57:25 p15090634 slapd[18703]: conn=18 op=3 RESULT tag=97 err=0 text=
Aug  7 18:57:25 p15090634 su: (to root) ranger on /dev/pts/5
Aug  7 18:57:25 p15090634 slapd[18688]: daemon: conn=19 fd=22 connection from IP=127.0.0.1:35615 (IP=0.0.0.0:389) accepted.
Aug  7 18:57:25 p15090634 slapd[18701]: conn=19 op=0 BIND dn="" method=128
Aug  7 18:57:25 p15090634 slapd[18701]: conn=19 op=0 RESULT tag=97 err=0 text=
Aug  7 18:57:25 p15090634 slapd[18703]: conn=19 op=1 SRCH base="dc=wizards,dc=at" scope=2 filter="(&(objectClass=posixGroup)(memberUid=root))"
Aug  7 18:57:25 p15090634 slapd[18703]: conn=19 op=1 SEARCH RESULT tag=101 err=0 text=
Aug  7 18:57:25 p15090634 slapd[18701]: conn=18 op=4 UNBIND
Aug  7 18:57:25 p15090634 slapd[18701]: conn=-1 fd=21 closed
Aug  7 18:57:31 p15090634 master[18792]: about to exec /usr/cyrus/bin/imapd
Aug  7 18:57:31 p15090634 imap[18792]: executed
Aug  7 18:57:31 p15090634 imapd[18792]: accepted connection
Aug  7 18:57:33 p15090634 imapd[18792]: badlogin: localhost.localdomain[127.0.0.1] OTP [SASL(-13): authentication failure: External SSF not good enough]
Aug  7 18:57:36 p15090634 perl: No worthy mechs found

Imap seems to authenticate my root account, but what do the last two lines mean?
Perhaps you can help once again.

Greetings, Lothar

On Wed, Aug 07, 2002 at 09:33:30AM -0400, John Dalbec wrote:
> 
> 
> Lothar Handl wrote:
> > 
> > Hi,
> > 
> > thanks for the tips. Now it seems that SASL connects to LDAP and
> > authenticates when I use the testsasl proggy. But Cyrus does not
> > seem to use this method. Have you got an idea what went wrong?
> > 
> > My imapd.conf looks now like this:
> > postmaster: postmaster
> > configdirectory: /var/imap
> > partition-default: /var/spool/imap
> > admins: cyrus root
> > pwcheck_method: saslauthd
> > tls_ca_file: /var/imap/server.pem
> > tls_cert_file: /var/imap/server.pem
> > tls_key_file: /var/imap/server.pem
> > sasl_passwd_check: saslauthd
> > sasl_ldap_servers: localhost
> > sasl_ldap_bind_dn: uid=manager, ou=users, dc=wizards, dc=at
> 		     ^^^ should this be cn?
> > sasl_ldap_bind_pw: mysecretpassword
> > 
> > When I try to connect to localhost with the root account, the following
> > happens:
> > p15090634:~ # cyradm
> > cyradm> connect localhost
> > IMAP Password:Login failed: user not found at /usr/lib/perl5/site_perl/5.6.0/i586-linux/Cyrus/IMAP/Admin.pm line 78
> > server: localhost: cannot authenticate
> > localhost.localdomain>
> > 
> > and the connection results in these messages:
> > Aug  6 22:42:31 p15090634 master[846]: process 858 exited, status 0
> > Aug  6 22:42:31 p15090634 ctl_cyrusdb[857]: done checkpointing cyrus databases
> > Aug  6 22:42:31 p15090634 master[846]: process 857 exited, status 0
> > Aug  6 22:42:38 p15090634 master[861]: about to exec /usr/cyrus/bin/imapd
> > Aug  6 22:42:38 p15090634 imap[861]: executed
> > Aug  6 22:42:38 p15090634 imapd[861]: accepted connection
> > Aug  6 22:42:47 p15090634 imapd[861]: badlogin: localhost.localdomain[127.0.0.1] plaintext root SASL(-13): user not found: checkpass failed
> > 
> > I've also configured /usr/local/etc/saslauthd.conf like this:
> > ldap_servers: ldap://localhost/
> > ldap_bind_dn: cn=manager, ou=users, dc=wizards, dc=at
> 		^^ or should this be uid?
> > ldap_bind_pw: mysecretpassword
> > ldap_version: 3
> > ldap_search_base: dc=wizards, dc=at
> > ldap_verbose: on
> > ldap_debug: 3
> > 
> > Greetings, Lothar
> >
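
Added example, not part of the thread and not code from Cyrus, OpenLDAP or either poster: a Python sketch that reads syslog lines like the ones quoted above and, for each failed imapd login, reports the SASL mechanism, error code and reason together with any slapd simple-bind (method=128) results logged while that attempt was open. The function name `failed_logins`, the definition of an attempt as the span from "accepted connection" to "badlogin" for one imapd pid, and the year 2002 (taken from the reply header, since syslog omits it) are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the syslog excerpts in the message above, oldest first.
SAMPLE = """\
Aug  6 22:42:38 p15090634 imapd[861]: accepted connection
Aug  6 22:42:47 p15090634 imapd[861]: badlogin: localhost.localdomain[127.0.0.1] plaintext root SASL(-13): user not found: checkpass failed
Aug  7 18:57:25 p15090634 slapd[18701]: conn=18 op=2 BIND dn="CN=ROOT,OU=USERS,DC=WIZARDS,DC=AT" method=128
Aug  7 18:57:25 p15090634 slapd[18701]: conn=18 op=2 RESULT tag=97 err=0 text=
Aug  7 18:57:25 p15090634 su: (to root) ranger on /dev/pts/5
Aug  7 18:57:31 p15090634 imapd[18792]: accepted connection
Aug  7 18:57:33 p15090634 imapd[18792]: badlogin: localhost.localdomain[127.0.0.1] OTP [SASL(-13): authentication failure: External SSF not good enough]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[(\d+)\]: (.*)$")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
BADLOGIN = re.compile(r"badlogin: \S+ (\S+) .*?SASL\((-?\d+)\): (.*?)\]?$")


def failed_logins(log, year=2002):
    """Return failed imapd logins with the slapd binds seen during each attempt."""
    binds, pending, accepted, out = [], {}, {}, []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a [pid], such as the "su:" entry
        # syslog omits the year; 2002 is taken from the reply header above
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        prog, pid, msg = m[2], m[3], m[4]
        if prog == "slapd":
            if b := BIND.search(msg):
                pending[(b[1], b[2])] = b[3]  # remember the DN until its RESULT
            elif (r := RESULT.search(msg)) and (r[1], r[2]) in pending:
                binds.append((ts, pending.pop((r[1], r[2])), int(r[3])))
        elif prog == "imapd":
            if msg == "accepted connection":
                accepted[pid] = ts  # start of this login window
            elif f := BADLOGIN.search(msg):
                start = accepted.get(pid, ts)
                out.append({"pid": pid, "mech": f[1], "sasl_code": int(f[2]),
                            "reason": f[3],
                            "ldap_binds": [(dn, err) for t, dn, err in binds
                                           if start <= t <= ts]})
    return out


if __name__ == "__main__":
    for attempt in failed_logins(SAMPLE):
        print(attempt)
```

On the lines taken from the message, both failed logins come back with an empty `ldap_binds` list: the err=0 bind for CN=ROOT is logged at 18:57:25, before imapd accepts the connection at 18:57:31.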