OpenLDAP and cyrus-sasl authentication

Hi,

Version
LDAP openldap-2.3.27
cyrus-sasl-2.1.22

I have been trying to figure out what is happening but have failed for the last few days. I am sorry for the long email, in which I include the various debug outputs I tried. I just wonder where it goes wrong? I already have my LDAP user created in ldbm; do I need anything like sasldb2 as well? I am lost! :(

I tried this but it failed.

./testsaslauthd -u tancentos2@xxxxxxxxxx -p mypasswd

saslauthd[6118] :do_auth : auth failure: [user=tancentos2@xxxxxxxxxx] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[6118] :do_request      : response: NO

The following is my configuration in saslauthd.conf:
ldap_servers: ldap://127.0.0.1
ldap_search_base: o=hosting,dc=example,dc=tld
ldap_filter: (&(objectClass=VirtualMailAccount)(mail=%u@%r)))
ldap_bind_dn: cn=cyrus,dc=example,dc=tld
ldap_password: secret
ldap_auth_method: bind
ldap_start_tls: no


I tried to debug with OpenLDAP and got the following, but I noticed that tancentos2@xxxxxxxxxx is not passed to LDAP, although the binding looks OK?

connection_get(13): got connid=1
connection_read(13): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
ber_get_next
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
dnPrettyNormal: <cn=cyrus,dc=example,dc=tld>
<<< dnPrettyNormal: <cn=cyrus,dc=example,dc=tld>, <cn=cyrus,dc=example,dc=tld>
do_bind: version=3 dn="cn=cyrus,dc=example,dc=tld" method=128
dn2entry_r: dn: "cn=cyrus,dc=example,dc=tld"
=> dn2id( "cn=cyrus,dc=example,dc=tld" )
====> cache_find_entry_ndn2id("cn=cyrus,dc=example,dc=tld"): 34 (1 tries)
<= dn2id 34 (in cache)
=> id2entry_r( 34 )
====> cache_find_entry_id( 34 ) "cn=cyrus,dc=example,dc=tld" (found) (1 tries)
<= id2entry_r( 34 ) 0x8b1ca98 (cache)
====> cache_return_entry_r( 34 ): returned (0)
send_ldap_result: conn=1 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 13

Then I tried
ldapsearch -LLL -s sub -v -x "(mail=tancentos2@xxxxxxxxxx)" -b "o=hosting,dc=example,dc=tld" cn sn
and it returns the cn and sn.
If I take away the "-x", the problem appears. The following is the debug output from LDAP:
SASL [conn=2] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=root,cn=DIGEST-MD5,cn=auth
dnNormalize: <uid=root,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=root,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=root,cn=digest-md5,cn=auth to a DN
slap_authz_regexp: converting SASL name uid=root,cn=digest-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL [conn=2] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory

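A worked model of what saslauthd's `ldap_auth_method: bind` does with the configuration in the post above, added here as an example; it is neither the poster's code nor code from cyrus-sasl or OpenLDAP. It runs against a constructed in-memory directory: example.tld stands in for the masked domain, and the mail account is assumed to live at uid=tancentos2,o=hosting,dc=example,dc=tld with password mypasswd. The filter tokens follow cyrus-sasl's LDAP_SASLAUTHD documentation (%u is the user name exactly as supplied, %r the realm, %U and %d the parts of %u on either side of the "@"). Three things become visible: the bind with ldap_bind_dn happens before any search, so err=49 for cn=cyrus in the slapd trace means ldap_bind_dn/ldap_password were rejected and the user was never looked up; testsaslauthd run without -r sends an empty realm (the `[realm=]` in the saslauthd log), so `%u@%r` expands to `tancentos2@example.tld@` and matches nothing; and the posted ldap_filter has three closing parentheses after `%r`, which libldap refuses to encode as a search filter. Substituted values are escaped per RFC 4515, as saslauthd also does, so a user name containing `*`, `(` or `)` cannot widen the filter. The ldapsearch run without -x is a different path, a SASL DIGEST-MD5 bind to slapd itself, and is not modelled here.

```python
import re

# RFC 4515 escaping for a value spliced into a filter; saslauthd escapes the
# substituted tokens the same way, so a user called "*" cannot widen the match.
def escape_filter_value(value):
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

# Expand a saslauthd.conf ldap_filter template.  Token meanings as documented
# in LDAP_SASLAUTHD: %u user name as given, %U user part of %u, %d domain part
# of %u (the realm if %u has no "@"), %r realm, %s service.
def expand_filter(template, user, realm="", service="imap"):
    user_part, domain = user.split("@", 1) if "@" in user else (user, realm)
    tokens = {"%u": user, "%U": user_part, "%d": domain,
              "%r": realm, "%s": service, "%%": "%"}
    return re.sub(r"%[uUdrs%]",
                  lambda m: escape_filter_value(tokens[m.group(0)]), template)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

# Parser for the RFC 4515 subset used here: (&...), (|...) and (attr=value).
# Returns (tree, index just past the filter); the caller spots trailing junk.
def _parse(flt, i=0):
    if flt[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if flt[i + 1] in "&|":
        op, kids, i = flt[i + 1], [], i + 2
        while flt[i] == "(":
            node, i = _parse(flt, i)
            kids.append(node)
        if flt[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = flt.index(")", i)
    attr, value = flt[i + 1:end].split("=", 1)
    return ("=", attr.lower(), _unescape(value).lower()), end + 1

def _match(node, attrs):
    if node[0] == "=":
        return node[2] in [v.lower() for v in attrs.get(node[1], [])]
    hits = [_match(kid, attrs) for kid in node[1]]
    return all(hits) if node[0] == "&" else any(hits)

# Constructed in-memory stand-in for slapd (assumed DNs, example.tld replaces
# the masked domain in the post).
ENTRIES = {
    "cn=cyrus,dc=example,dc=tld": {"cn": ["cyrus"]},
    "uid=tancentos2,o=hosting,dc=example,dc=tld": {
        "objectclass": ["VirtualMailAccount"], "mail": ["tancentos2@example.tld"]},
}
PASSWORDS = {"cn=cyrus,dc=example,dc=tld": "secret",
             "uid=tancentos2,o=hosting,dc=example,dc=tld": "mypasswd"}

def ldap_bind(dn, password):          # False models LDAP err=49
    return dn in PASSWORDS and PASSWORDS[dn] == password

def ldap_search(base, flt):
    tree, end = _parse(flt)
    if end != len(flt):               # libldap: LDAP_FILTER_ERROR
        raise ValueError("Bad search filter")
    return [dn for dn, attrs in ENTRIES.items()
            if dn.endswith(base) and _match(tree, attrs)]

# The three steps of saslauthd's ldap_auth_method: bind, simplified.
def saslauthd_ldap_bind(conf, user, password, realm="", service="imap"):
    # 1. bind with the service account; err=49 here is what the slapd trace
    #    in the post shows for cn=cyrus, before any search happens
    if not ldap_bind(conf["ldap_bind_dn"], conf["ldap_password"]):
        return "NO: bind as %s failed (err=49)" % conf["ldap_bind_dn"]
    # 2. locate exactly one entry with the expanded filter
    flt = expand_filter(conf["ldap_filter"], user, realm, service)
    try:
        dns = ldap_search(conf["ldap_search_base"], flt)
    except ValueError as exc:
        return "NO: bad filter %s (%s)" % (flt, exc)
    if len(dns) != 1:
        return "NO: filter %s matched %d entries" % (flt, len(dns))
    # 3. bind as that entry with the password being verified
    if not ldap_bind(dns[0], password):
        return "NO: bind as %s failed (err=49)" % dns[0]
    return "OK: " + dns[0]

POSTED = {"ldap_search_base": "o=hosting,dc=example,dc=tld",
          "ldap_filter": "(&(objectClass=VirtualMailAccount)(mail=%u@%r)))",
          "ldap_bind_dn": "cn=cyrus,dc=example,dc=tld",
          "ldap_password": "secret"}

# testsaslauthd -u tancentos2@example.tld -p mypasswd with no -r (empty realm)
# against the posted filter, a paren-balanced variant, and a %U@%d variant.
def scenarios(user="tancentos2@example.tld", password="mypasswd"):
    balanced = dict(POSTED, ldap_filter="(&(objectClass=VirtualMailAccount)(mail=%u@%r))")
    fixed = dict(POSTED, ldap_filter="(&(objectClass=VirtualMailAccount)(mail=%U@%d))")
    return {
        "posted": saslauthd_ldap_bind(POSTED, user, password),
        "balanced": saslauthd_ldap_bind(balanced, user, password),
        "fixed": saslauthd_ldap_bind(fixed, user, password),
        "wrong_pw": saslauthd_ldap_bind(dict(fixed, ldap_password="x"), user, password),
        "wildcard": saslauthd_ldap_bind(fixed, "*@example.tld", password),
    }
```

`scenarios()` returns one result string per case: the posted filter is rejected as a bad filter, the balanced `%u@%r` form matches 0 entries because the realm is empty, the `%U@%d` form authenticates, a wrong ldap_password fails at the service bind (the err=49 from the trace), and a `*` in the user name is escaped to `\2a` and matches nothing rather than everything. On a real server the equivalent checks are `ldapwhoami -x -D cn=cyrus,dc=example,dc=tld -W` for step 1 and an `ldapsearch -x -D ... -W -b o=hosting,dc=example,dc=tld` with the expanded filter for step 2.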

