Re: saslauxprop and libldapdb, auxpropfunc error -7
On Sun, 9 Mar 2003, Joe Rhodes wrote:
>
> On Thursday, March 6, 2003, at 01:53 PM, Igor Brezac wrote:
>
> >
> > On Thu, 6 Mar 2003, Joe Rhodes wrote:
> >
> >> Howard, Igor, Rob, et al.,
> >>
> >> I've tried applying the changes as Howard suggested below. It has
> >> succeeded in preventing the "auxpropfunc error -7" message from showing
> >> up when Cyrus IMAP invokes the SASL library to do a user/password
> >> verification. However, there is still no bind (or any activity for
> >> that matter) with slapd. It just reports an error "SASL(-13): user not
> >> found: checkpass failed" in the system log. I guess at this point I'm
> >> at least expecting it to query the ldap server, even if it isn't
> >> successful. My imap.conf file is as so (per previous recommendations):
>
> >> configdirectory: /var/imap
> >> partition-default: /var/spool/imap
> >> admins: cyrus root
> >> sasl_pwcheck_method: auxprop
> >> sasl_auxprop_plugin: ldapdb
> >> sasl_ldapdb_uri: ldap://127.0.0.1
> >> sasl_ ldapdb_id: admin
> >> sasl_ ldapdb_pw: password
> >> sasl_ ldapdb_mech: PLAIN
> >>
> >
> > This should work; I assume the extra spaces are just a typo.
> >
> > Are you certain the plugin is contacting the ldap server
> > (ldap://127.0.0.1)? If this is the case, can 'ldapdb_id: admin' be used
> > for proxy authorization privileges to every account that is allowed to
> > log in?
> >
>
> Actually, no, my plugin is NOT contacting the server, running on the
> same host. I've tried using both
> sasl_ldapdb_uri: ldapi://
> and
> sasl_ldapdb_uri: ldap://127.0.0.1
>
> As of yet, I have not been able to get the Cyrus SASL plugin to query
> the server at all. I'm running slapd with debug of 256. This seems to
> splash plenty of info in the console window anytime an application
> queries it (say, Netscape Mail, for instance).
>
How are you testing the plugin?
You will need to fetch cyrus-sasl from the CMU CVS and try again
(important: Howard's patches are in there). Also, get the latest
libldapdb.c from the OpenLDAP CVS or download OpenLDAP 2.1.15.
> Which are the extra spaces you speak of?
>
sasl_ ldapdb_id: admin
     ^
> Is there some way to get more error messages out of the auxprop plugin?
> Perhaps if I could see what it thinks it has for arguments, what it's
> trying to do when it fails, etc. Right now all I have is that it
> doesn't contact OpenLDAP and can't find the user [SASL (-13)user not
> found: checkpass failed]
>
> Up to this point, I've applied the patches Howard Chu offered earlier
> to get rid of the "auxpropfunc error -7" messages. I no longer get
> that message when an SASL-enabled server tries to use the auxprop
> plugin.
>
> Have others gotten this to work? If they have, then I must be missing
I have it working.
> something here. Once I do (if I do) get this working, I intend to
> document the adventure. I'd guess that this would be pertinent to
> others that use similar software (sendmail and Cyrus IMAP) who want to
> use a more secure method of password exchange/authentication.
--
Igor
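
The stray space Igor points out in the `sasl_ ldapdb_*` option names can be caught mechanically before restarting the server. The following is an added example, not part of the original message and not Cyrus or OpenLDAP code: a small linter for `key: value` configuration text. The function name `lint_conf`, the choice to treat a malformed name as not set, and the rule that all four ldapdb options from the thread are required are assumptions of this example.

```python
import re

# Options the thread's configuration sets for the ldapdb auxprop plugin.
# Treating all four as required is an assumption of this example.
LDAPDB_KEYS = ("sasl_ldapdb_uri", "sasl_ldapdb_id",
               "sasl_ldapdb_pw", "sasl_ldapdb_mech")

# Constructed sample: the configuration as quoted in the thread.
SAMPLE = """\
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://127.0.0.1
sasl_ ldapdb_id: admin
sasl_ ldapdb_pw: password
sasl_ ldapdb_mech: PLAIN
"""

def lint_conf(text):
    """Return (options, findings); findings are (line_number, message)."""
    options, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # split at the first colon only
        if not sep:
            findings.append((lineno, "no 'key: value' separator"))
            continue
        key = key.rstrip()
        if re.search(r"\s", key):
            fixed = re.sub(r"\s+", "", key)
            findings.append((lineno, f"whitespace in option name {key!r}; "
                                     f"did you mean {fixed!r}?"))
            continue  # assumption: a malformed name does not count as set
        options[key] = value.strip()
    if options.get("sasl_auxprop_plugin") == "ldapdb":
        for k in LDAPDB_KEYS:
            if k not in options:
                findings.append((0, f"{k} is not set"))  # 0 = whole file
    return options, findings

if __name__ == "__main__":
    # Only option names are reported; values such as the password are not printed.
    for lineno, msg in lint_conf(SAMPLE)[1]:
        print(f"line {lineno}: {msg}" if lineno else f"file: {msg}")
```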