[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: saslauxprop and libldapdb, auxpropfunc error -7

To: Igor Brezac <igor@ipass.net>
Subject: Re: saslauxprop and libldapdb, auxpropfunc error -7
From: Joe Rhodes <lists@joerhodes.com>
Date: Sun, 9 Mar 2003 21:18:44 -0600
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <Pine.GSO.4.44.0303061443370.26024-100000@pula.istra.ypass.net>


On Thursday, March 6, 2003, at 01:53  PM, Igor Brezac wrote:

On Thu, 6 Mar 2003, Joe Rhodes wrote:
Howard, Igor, Rob, et. al.,
I've tried applying the changes as Howard suggested below. It has succeeded in preventing the "auxpropfunc error -7" message from showing up when Cyrus IMAP invokes the SASL library to do a user/password verification. However, there is still no bind (or any activity for that matter) with slapd. It just reports an error "SASL(-13): user not found: checkpass failed" in the system log. I guess at this point I'm at least expecting it to query the ldap server, even if it isn't successful. My imap.conf file is as so (per previous recommendations):

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://127.0.0.1
sasl_ ldapdb_id:  admin
sasl_ ldapdb_pw:  password
sasl_ ldapdb_mech: PLAIN
This should work, I assume extra spaces is just a typo.
Are you certain the plugin is contacting the ldap server (ldap://127.0.0.1)? If this is the case, can 'ldapdb_id: admin' be used for proxy authorization privileges to every account that is allowed to login?

Actually, no, my plugin is NOT contacting the server, running on the same host. I've tried using both sasl_ldapdb_uri: ldapi:// and sasl_ldapdb_uri: ldap://127.0.0.1

As of yet, I have not been able to get the Cyrus SASL plugin to query the server at all. I'm running slapd with debug of 256. This seems to splash plenty of info in the console window anytime an application queries it (say, Netscape Mail, for instance).

Which are the extra spaces you speak of?

Is there some way to get more error messages out of the auxprop plugin? Perhaps if I could see what it thinks it has for arguments, what it's trying to do when it fails, etc. Right now all I have is that it doesn't contact OpenLDAP and can't find the user [SASL (-13)user not found: checkpass failed]

Up to this point, I've applied the patches Howard Chu offered earlier to get rid of the "auxpropfunc error -7" messages. I no longer get that message when an SASL-enabled server tries to use the auxprop plugin.

Have others gotten this to work? If they have, then I must be missing something here. Once I do (if I do) get this working, I intend to document the adventure. I'd guess that this would be pertinent to others that use similar software (sendmail and Cyrus IMAP) who want to use a more secure method of password exchange/authentication.

Thanks for everyone's help thus far.

Cheers!
-Joe

Follow-Ups:
- Re: saslauxprop and libldapdb, auxpropfunc error -7
  - From: Igor Brezac <igor@ipass.net>
- RE: saslauxprop and libldapdb, auxpropfunc error -7
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- Re: saslauxprop and libldapdb, auxpropfunc error -7
  - From: Igor Brezac <igor@ipass.net>

Prev by Date: Re: ACLs, groups, and regular expressions... oh my
Next by Date: FW: OpenLDAP 2.1.15 released
Index(es):
- Chronological
- Thread