[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Problems Enabling Authentication using Cyrus SASL
Fernando Torrez <fernando_torrez@hotmail.com> writes:
> Hi all
> Thanks for all your suggestions
>
> I tried the suggested command (thanks Moorthi):
> ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I
> with no success. I got this error:
>
> firewall:~ # ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I
> SASL/DIGEST-MD5 authentication started
> SASL Interaction
> Default: u:test
> Please enter your authorization name: test
> Default: proxyuser
> Please enter your authentication name: proxyuser
> Please enter your password:
> ldap_sasl_interactive_bind_s: Insufficient access (50)
> additional info: SASL(-14): authorization failure: unable
> authorization ID
>
> (Logs are at the bottom of this mail for details)
>
> I also realized that the logs changed almost nothing either the command below
> is running or not:
>
> saslauthd -d -V -a ldap -r -O /etc/saslauthd.conf
>
> so I can say that unfortunately there's no comunication between SASLAUTHD and
> LDAP.
>
> Now I will try the suggestion to separate saslauthd and ldapdb (thanks Dieter)
>
> But I'm still wondering if there's a way to work ldap server and cyrus-sasl
> together. Let's be more accuratte
>
> 1.- Connect to ldap server throught cyrus-sasl (let's say authenticated/
> authorized proxyuser connected to ldap server)
> 2.- Once connected to the ldap server, authenticate/authorize other user (or
> any object ) saved on ldap server using previous connection done in step 1
>
> Is that posible? Or, Am I driving crazy for nothing?
[...]
Is there any particular reason to include an external identiy provider
deamon like saslauthd?
Why don't you just use build in sasl functions? As I already
mentioned:
1. create plaintext userPasswords,
2. configure authz-regexp to map sasl authentication string to an
entry, (man slapd.conf(5))
3. add to /etc/sasl2/slapd.conf 'auxprop_plugin: slapd'
4. test whith ldapwhoami
If you want additonal proxy authentication
1. add a auth-policy to slapd.conf
2. add authzTo attribute and appropriate value to a proxy user entry,
3. test with ldapwhoami -X u:<proxy-user> -U <user> -Y <mechanism>
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6