[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL Authentication against LDAP
What does saslauthd -v show? Did you start saslauthd -a ldap?
I recommend that you test imapd with imtest utility: imtest -a imap_userid
localhost
if this works, you are not using cyradm properly.
-Igor
On Wed, 7 Aug 2002, Lothar Handl wrote:
> Hi,
>
> that was a good hint, as well as the one from Igor. But there
> is still a problem.
>
> Aug 7 18:57:25 p15090634 slapd[18688]: daemon: conn=18 fd=21 connection from IP=127.0.0.1:35614 (IP=0.0.0.0:389) accepted.
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=18 op=0 BIND dn="" method=128
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=18 op=0 RESULT tag=97 err=0 text=
> Aug 7 18:57:25 p15090634 slapd[18703]: conn=18 op=1 SRCH base="dc=wizards,dc=at" scope=2 filter="(uid=root)"
> Aug 7 18:57:25 p15090634 slapd[18703]: conn=18 op=1 SEARCH RESULT tag=101 err=0 text=
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=18 op=2 BIND dn="CN=ROOT,OU=USERS,DC=WIZARDS,DC=AT" method=128
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=18 op=2 RESULT tag=97 err=0 text=
> Aug 7 18:57:25 p15090634 slapd[18703]: conn=18 op=3 BIND dn="" method=128
> Aug 7 18:57:25 p15090634 slapd[18703]: conn=18 op=3 RESULT tag=97 err=0 text=
> Aug 7 18:57:25 p15090634 su: (to root) ranger on /dev/pts/5
> Aug 7 18:57:25 p15090634 slapd[18688]: daemon: conn=19 fd=22 connection from IP=127.0.0.1:35615 (IP=0.0.0.0:389) accepted.
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=19 op=0 BIND dn="" method=128
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=19 op=0 RESULT tag=97 err=0 text=
> Aug 7 18:57:25 p15090634 slapd[18703]: conn=19 op=1 SRCH base="dc=wizards,dc=at" scope=2 filter="(&(objectClass=posixGroup)(memberUid=root))"
> Aug 7 18:57:25 p15090634 slapd[18703]: conn=19 op=1 SEARCH RESULT tag=101 err=0 text=
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=18 op=4 UNBIND
> Aug 7 18:57:25 p15090634 slapd[18701]: conn=-1 fd=21 closed
> Aug 7 18:57:31 p15090634 master[18792]: about to exec /usr/cyrus/bin/imapd
> Aug 7 18:57:31 p15090634 imap[18792]: executed
> Aug 7 18:57:31 p15090634 imapd[18792]: accepted connection
> Aug 7 18:57:33 p15090634 imapd[18792]: badlogin: localhost.localdomain[127.0.0.1] OTP [SASL(-13): authentication failure: External SSF not good enough]
> Aug 7 18:57:36 p15090634 perl: No worthy mechs found
>
> Imap seems to authenticate my root account, but what mean the two last lines?
> Perhaps you can help once again.
>
> Greetigns, Lothar
>
> On Wed, Aug 07, 2002 at 09:33:30AM -0400, John Dalbec wrote:
> >
> >
> > Lothar Handl wrote:
> > >
> > > Hi,
> > >
> > > thanks for the tips. Now it seems that SASL connects to LDAP and
> > > authenticates when I use the testsasl proggy. But Cyrus does not
> > > seem to use this method. Have you got an idea what went wrong?
> > >
> > > My imapd.conf looks now like this:
> > > postmaster: postmaster
> > > configdirectory: /var/imap
> > > partition-default: /var/spool/imap
> > > admins: cyrus root
> > > pwcheck_method: saslauthd
> > > tls_ca_file: /var/imap/server.pem
> > > tls_cert_file: /var/imap/server.pem
> > > tls_key_file: /var/imap/server.pem
> > > sasl_passwd_check: saslauthd
> > > sasl_ldap_servers: localhost
> > > sasl_ldap_bind_dn: uid=manager, ou=users, dc=wizards, dc=at
> > ^^^ should this be cn?
> > > sasl_ldap_bind_pw: mysecretpassword
> > >
> > > When I try to connect to localhost with the root account, the following
> > > hapens:
> > > p15090634:~ # cyradm
> > > cyradm> connect localhost
> > > IMAP Password:Login failed: user not found at /usr/lib/perl5/site_perl/5.6.0/i586-linux/Cyrus/IMAP/Admin.pm line 78
> > > server: localhost: cannot authenticate
> > > localhost.localdomain>
> > >
> > > and the connection results in these messages:
> > > Aug 6 22:42:31 p15090634 master[846]: process 858 exited, status 0
> > > Aug 6 22:42:31 p15090634 ctl_cyrusdb[857]: done checkpointing cyrus databases
> > > Aug 6 22:42:31 p15090634 master[846]: process 857 exited, status 0
> > > Aug 6 22:42:38 p15090634 master[861]: about to exec /usr/cyrus/bin/imapd
> > > Aug 6 22:42:38 p15090634 imap[861]: executed
> > > Aug 6 22:42:38 p15090634 imapd[861]: accepted connection
> > > Aug 6 22:42:47 p15090634 imapd[861]: badlogin: localhost.localdomain[127.0.0.1] plaintext root SASL(-13): user not found: checkpass failed
> > >
> > > I've also configured /usr/local/etc/saslauthd.conf like this:
> > > ldap_servers: ldap://localhost/
> > > ldap_bind_dn: cn=manager, ou=users, dc=wizards, dc=at
> > ^^ or should this be uid?
> > > ldap_bind_pw: mysecretpassword
> > > ldap_version: 3
> > > ldap_search_base: dc=wizards, dc=at
> > > ldap_verbose: on
> > > ldap_debug: 3
> > >
> > > Greetings, Lothar
> > >
>
--
Igor