Can't get password passthrough to work with openldap
- To: openldap-technical@openldap.org, 4krishan@gmail.com
- Subject: Can't get password passthrough to work with openldap
- From: k pur <4krishan@gmail.com>
- Date: Tue, 16 Mar 2010 10:28:22 +0000
Hi,
I am trying to get pass-through authentication to work for password
verification.
Following 'Pass-Through authentication' (section 14.5) in the OpenLDAP 2.4
admin guide, I have configured saslauthd and slapd.conf (sasl) and
managed to authenticate successfully against Active Directory (AD) using
the 'testsaslauthd' utility.
I have set a user password in my OpenLDAP database in the form
dn: uid=user,ou=org,dc=org.com
userPassword: {SASL}joe@ad.example.com
where joe@ad.example.com is the userPrincipalName defined for this
user in AD.
I can't authenticate when using the ldapsearch command
$ ldapsearch -x -v -D 'uid=joe,ou=people,dc=myorg.com' -W -h ldaphost
It comes back with error (49).
I enabled --enable-spasswd and --with-cyrus-sasl when compiling OpenLDAP.
Has anybody configured this type of setup successfully?
My question is: how do I configure my OpenLDAP server to talk to
saslauthd, to which OpenLDAP's pass-through delegates password
authentication, when the userPassword is in the form
userPassword: {SASL}joe@ad.example.com
Do I need some extra configuration in my OpenLDAP slapd.conf
file? Currently I only have sasl-host and sasl-secprops defined, as:
sasl-host 127.0.0.1 # (where my openldap server runs as well)
sasl-secprops none
Do I need to do any auth-regex for any translation?
This is my openldap entry for user joe
dn: uid=joe,ou=people,dc=myorg.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe
sn: Bloggs
telephoneNumber: 3333
userPassword: {SASL}joe@ad.example.com
physicalDeliveryOfficeName: J2B/1
givenName: joe
uid: joe
Below is my /usr/lib/sasl2/slapd.conf file (the Cyrus SASL config that slapd loads)
# only PLAIN is offered; the password check is handed to saslauthd
mech_list: plain
pwcheck_method: saslauthd
# unix socket that saslauthd listens on
saslauthd_path: /var/run/saslauthd/mux
Below is my /etc/saslauthd.conf file (the LDAP backend config for saslauthd -a ldap)
ldap_servers: ldap://ad.example.com:389
ldap_search_base: ou=People,dc=ad,dc=example,dc=com
# %u is replaced by the user name saslauthd receives for the request
ldap_filter: (userPrincipalName=%u)
# bind account used for the AD lookup; cleartext password, so this file
# should be readable by root only
ldap_bind_dn: cn=admin,cn=Users,dc=ad,dc=example,dc=com
ldap_password: mypassword
Any help will be greatly appreciated.
Many Thanks
krishan
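The following is an added example, not code from the poster, OpenLDAP or Cyrus SASL. It models the path the question is about: on a simple bind against an entry whose userPassword is {SASL}joe@ad.example.com, slapd hands that value and the bind password to Cyrus SASL's sasl_checkpass(), and with pwcheck_method: saslauthd the library splits the value at the last '@' into user and realm, writes a four-field length-prefixed request (user, password, service, realm) to the mux socket, and reads back an "OK" or "NO" reply. The saslauthd LDAP backend then expands the tokens in ldap_filter (%u user, %r realm, %s service) for the AD lookup. The names joe, ad.example.com, the filter and the socket path are the values from the post; the `saslauthd -r` behaviour (pass "user@realm" as the user and no separate realm) is modelled with the combine_realm flag. Running it offline shows which filter AD would actually be asked to evaluate for a given ldap_filter, and the RFC 4515 escaping in the model is the example's own, added so a bind name cannot rewrite the lookup filter.

```python
"""Model of the slapd -> Cyrus SASL -> saslauthd pass-through path.

Added example for the thread above; not code from the poster, OpenLDAP or
Cyrus SASL. Constructed values: user joe, realm ad.example.com, the poster's
ldap_filter, and the mux socket path from the poster's sasl2/slapd.conf.
"""
import socket
import struct

SASL_PREFIX = "{SASL}"


def split_sasl_authzid(user_password):
    """Split a '{SASL}user@realm' userPassword value the way the Cyrus SASL
    saslauthd checker does: text after the last '@' is the realm, the rest
    is the user; with no '@' the realm is empty."""
    if not user_password.startswith(SASL_PREFIX):
        raise ValueError("not a {SASL} userPassword value")
    authzid = user_password[len(SASL_PREFIX):]
    user, sep, realm = authzid.rpartition("@")
    if not sep:
        return authzid, ""
    return user, realm


def encode_saslauthd_request(user, password, service, realm):
    """Build the mux-socket request: four fields, each a 2-byte big-endian
    length followed by the bytes, in the order user, password, service, realm."""
    out = b""
    for field in (user, password, service, realm):
        data = field.encode("utf-8")
        if len(data) > 0xFFFF:
            raise ValueError("field too long for the saslauthd protocol")
        out += struct.pack("!H", len(data)) + data
    return out


def decode_saslauthd_response(raw):
    """Parse the length-prefixed reply; saslauthd answers 'OK ...' or 'NO ...'.
    Returns (accepted, reply_text)."""
    if len(raw) < 2:
        raise ValueError("short response")
    (length,) = struct.unpack("!H", raw[:2])
    body = raw[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated response")
    text = body.decode("utf-8", "replace")
    return text.startswith("OK"), text


def ldap_filter_escape(value):
    """RFC 4515 escaping of an assertion value (this example's own guard):
    a bind name like 'joe)(objectClass=*' must not rewrite the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def expand_ldap_filter(template, user, realm, service="ldap", combine_realm=False):
    """Expand ldap_filter tokens %u (user), %r (realm), %s (service), %% for
    one request. combine_realm=True models 'saslauthd -r', which hands the
    LDAP backend 'user@realm' as the user and no separate realm."""
    if combine_realm and realm:
        user, realm = user + "@" + realm, ""
    tokens = {"u": ldap_filter_escape(user), "r": ldap_filter_escape(realm),
              "s": ldap_filter_escape(service), "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template) and template[i + 1] in tokens:
            out.append(tokens[template[i + 1]])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def check_password(user_password, password, service="ldap",
                   mux_path="/var/run/saslauthd/mux", timeout=5.0):
    """Live check against a running saslauthd: ask the same question slapd
    would for a simple bind on an entry with this userPassword. Returns
    (accepted, reply_text). Not exercised by the offline demo below."""
    user, realm = split_sasl_authzid(user_password)
    request = encode_saslauthd_request(user, password, service, realm)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(mux_path)
        sock.sendall(request)
        header = sock.recv(2)
        (length,) = struct.unpack("!H", header)
        body = b""
        while len(body) < length:
            chunk = sock.recv(length - len(body))
            if not chunk:
                break
            body += chunk
        return decode_saslauthd_response(header + body)


if __name__ == "__main__":
    user, realm = split_sasl_authzid("{SASL}joe@ad.example.com")
    posted = "(userPrincipalName=%u)"  # the poster's ldap_filter
    print("saslauthd receives user=%r realm=%r" % (user, realm))
    print("ldap_filter as posted        :", expand_ldap_filter(posted, user, realm))
    print("same filter with saslauthd -r:", expand_ldap_filter(posted, user, realm, combine_realm=True))
    print("filter using %u@%r           :", expand_ldap_filter("(userPrincipalName=%u@%r)", user, realm))
```

The offline run makes the token expansion visible: with the posted filter and no -r, the AD lookup is `(userPrincipalName=joe)`, while either `saslauthd -r` or a `(userPrincipalName=%u@%r)` filter yields `(userPrincipalName=joe@ad.example.com)`. For a live check, `testsaslauthd -u joe -r ad.example.com -p <password>` sends the same user/realm split that check_password() does.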