> Hi all,
>
> Sorry if this is a long email!
>
> I'm trying to get my head around SASL, specifically setting up saslauthd
> with LDAP as the backend.
>
> Environment:
> ============
> Fedora Core 5
> OpenLDAP 2.3.19-4
> Cyrus SASL 2.1.21-10
>
> Objective:
> ==========
> I want to be able to set up and verify that Cyrus SASL is able to
> authenticate successfully.
>
> Background:
> ===========
> User information is stored in OpenLDAP. The LDAP directory tree looks
> like this:
>
> dc=aeonflux,dc=localdomain
>             |
>        +----+----------+
>        |               |
> o=domain1.tld     o=domain2.tld
>        |
>   +----+----+
>   |         |
> ou=People  ou=Groups
>   |
> uid=john.doe,ou=People,o=domain1.tld,dc=aeonflux,dc=localdomain
>   mail: john.doe@xxxxxxxxxxx
>
> Note: I do not have IMAP installed and I want to test that saslauthd can
> authenticate correctly first before I install Cyrus IMAP.
>
> LDAP:
> =====
> I have set up OpenLDAP on localhost, non-SSL. I can verify that the user
> exists in the directory tree:
>
> [root@jadeblue ~]# ldapsearch -H ldap://localhost:389 -xv \
>     -D "cn=ldaproot,dc=aeonflux,dc=localdomain" -W \
>     -b "ou=People,o=domain1.tld,dc=aeonflux,dc=localdomain" \
>     -LLL "(mail=john.doe@xxxxxxxxxxx)" uid
>
> ldap_initialize( ldap://localhost:389 )
> Enter LDAP Password:
> filter: (mail=john.doe@xxxxxxxxxxx)
> requesting: uid
> dn: uid=john.doe,ou=People,o=domain1.tld,dc=aeonflux,dc=localdomain
> uid: john.doe
>
> saslauthd:
> ==========
> By default, Fedora Core 5 starts saslauthd with PAM as the backend, so I
> had to change the startup file (/etc/sysconfig/saslauthd):
> MECH=ldap
>
> And I created the following file (/etc/saslauthd.conf):
> ldap_servers: ldap://localhost/
> ldap_auth_method: bind
> ldap_filter: mail=%u
> ldap_base: ou=People,o=domain1.tld,dc=aeonflux,dc=localdomain
  ^^^^^

Try:

ldap_search_base: ou=People,o=domain1.tld,dc=aeonflux,dc=localdomain

Simon

> Testing with testsaslauthd:
> ===========================
> And I tried authenticating using this command:
> testsaslauthd -u john.doe@xxxxxxxxxxx -p pass123
>
> I get this:
> 0: NO "authentication failed"
>
> And in /var/log/messages, I get:
>
> Sep 25 13:26:26 jadeblue saslauthd[3099]: do_auth : auth
> failure: [user=john.doe@xxxxxxxxxxx] [service=imap] [realm=] [mech=ldap]
> [reason=Unknown]
>
> Questions:
> ==========
> I'm pretty sure I am missing something here, and the clue is probably
> the "[service=imap]" in the logs. I haven't installed Cyrus IMAP
> (yet), so I'm not sure where the defaults are set. The thing
> is, I want to verify that saslauthd can see the users in my LDAP
> directory before I install Cyrus IMAP. Is this possible?
>
>
> Thanks in advance, and again, sorry for the long email.
>
>
> --
> Pascal Chong
> email: chongym@xxxxxxxxxxxxxx
> web: http://cymulacrum.net
> pgp: http://cymulacrum.net/pgp/cymulacrum.asc
>
> "Science knows no borders, because knowledge belongs to humanity,
> and it is the flame that illuminates the world."
>
> -- Louis Pasteur
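Added example, not from this thread or from the cyrus-sasl project: a small POSIX shell lint for an saslauthd.conf used with MECH=ldap. It shows why the original file fails silently (saslauthd ignores option names it does not know, so `ldap_base` never sets a search base) and surfaces one hardening point the thread's setup has, namely that the bind method sends the user's password to the directory over a plain `ldap://` connection unless STARTTLS is enabled. The list of known option names is an assumption: it is the subset of LDAP_SASLAUTHD options I am sure of, and should be extended from the copy shipped with your package. The two sample configs are constructed; the second is the corrected version with `ldap_search_base` and `ldap_start_tls: yes` added.

```shell
#!/bin/sh
# Lint an saslauthd.conf written for the LDAP backend (added example).
# 1. Report option names saslauthd does not know: a misspelt key such as
#    "ldap_base" is silently ignored, so the search base is never set.
# 2. Report a bind-method setup that sends passwords in cleartext.

# Assumption: subset of the option names documented in LDAP_SASLAUTHD.
# Extend it from the documentation shipped with your cyrus-sasl package.
KNOWN_KEYS="ldap_servers ldap_search_base ldap_filter ldap_auth_method
ldap_bind_dn ldap_password ldap_version ldap_timeout ldap_time_limit
ldap_size_limit ldap_scope ldap_deref ldap_referrals ldap_start_tls
ldap_tls_check_peer ldap_tls_cacert_file ldap_tls_cacert_dir
ldap_default_realm ldap_password_attr ldap_use_sasl"

# Constructed sample: the config posted in the thread.
THREAD_CONF='ldap_servers: ldap://localhost/
ldap_auth_method: bind
ldap_filter: mail=%u
ldap_base: ou=People,o=domain1.tld,dc=aeonflux,dc=localdomain'

# Constructed sample: the corrected and hardened config.
FIXED_CONF='ldap_servers: ldap://localhost/
ldap_start_tls: yes
ldap_auth_method: bind
ldap_filter: mail=%u
ldap_search_base: ou=People,o=domain1.tld,dc=aeonflux,dc=localdomain'

# Print every "key: value" line whose key is not in KNOWN_KEYS, one per line.
# Comment and blank lines are skipped because they never match the pattern.
unknown_keys() {
    known=" $(printf '%s' "$KNOWN_KEYS" | tr '\n' ' ') "
    printf '%s\n' "$1" |
    sed -n 's/^[[:space:]]*\([a-z_]*\)[[:space:]]*:.*/\1/p' |
    while IFS= read -r key; do
        case "$known" in
            *" $key "*) ;;
            *) printf '%s\n' "$key" ;;
        esac
    done
}

# Print the value of option $2 in config $1 (last occurrence wins), or
# nothing when the option is not set.
option_value() {
    printf '%s\n' "$1" |
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" | tail -n 1
}

# Return 0 when user passwords would cross the wire unencrypted: the bind
# method (the documented default when ldap_auth_method is unset) over a
# plain ldap:// URL without "ldap_start_tls: yes". ldaps:// URLs pass.
cleartext_bind() {
    method=$(option_value "$1" ldap_auth_method)
    servers=$(option_value "$1" ldap_servers)
    tls=$(option_value "$1" ldap_start_tls)
    [ "${method:-bind}" = bind ] || return 1
    case "$servers" in *ldap://*) ;; *) return 1 ;; esac
    [ "$tls" != yes ]
}

# Run all checks on one config; return 0 only when no option is misspelt.
lint() {
    bad=$(unknown_keys "$1")
    [ -n "$bad" ] && printf 'unknown option(s), silently ignored: %s\n' "$bad"
    [ -z "$(option_value "$1" ldap_search_base)" ] &&
        echo 'ldap_search_base is not set: the user search has no base'
    cleartext_bind "$1" &&
        echo 'bind over plain ldap:// without STARTTLS: password sent in cleartext'
    [ -z "$bad" ]
}

echo '== config from the thread =='
if lint "$THREAD_CONF"; then echo ok; else echo 'fix before use'; fi
echo '== corrected config =='
if lint "$FIXED_CONF"; then echo ok; else echo 'fix before use'; fi
```

On the thread's config the lint names `ldap_base` as unknown, notes that no search base is set, and flags the cleartext bind. Over loopback, as in the thread, the cleartext finding matters less, but the same file copied to a host that talks to a remote directory would expose every login password, so the check is worth keeping on.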