james tan wrote:
> Hi,
>
> Version
> LDAP openldap-2.3.27
> cyrus-sasl-2.1.22
>
> I have been trying to figure out what is happening but failed for the
> last few days. I am sorry for the long email where I tried the
> various debug output. I just wonder where goes wrong?
> I already have my ldap user created in ldbm, do I need anything like
> sasldb2 again? I am lost! :(
>
> I tried this but it failed.
>
> ./testsaslauthd -u tancentos2@xxxxxxxxxx -p mypasswd
>
> saslauthd[6118] :do_auth : auth failure:
> [user=tancentos2@xxxxxxxxxx] [service=imap] [realm=] [mech=ldap]
> [reason=Unknown]
> saslauthd[6118] :do_request : response: NO
>
> The following are my configuration for saslauthd.conf
> ldap_servers: ldap://127.0.0.1
> ldap_search_base: o=hosting,dc=example,dc=tld
> ldap_filter: (&(objectClass=VirtualMailAccount)(mail=%u@%r)))
> ldap_bind_dn: cn=cyrus,dc=example,dc=tld
> ldap_password: secret
> ldap_auth_method: bind

You need to use ldap_auth_method: custom or adjust your filter.
Please see cyrus-src/saslauthd/LDAP_SASLAUTHD

> ldap_start_tls: no
>
>
> I tried to debug with openldap, I got the following but I noticed that
> the tancentos2@xxxxxxxxxx is not passed to ldap but the binding looks
> ok ?
>
> connection_get(13): got connid=1
> connection_read(13): checking for input on id=1
> ber_get_next
> ber_get_next: tag 0x30 len 48 contents:
> ber_get_next
> ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt (m}) ber:
> >>> dnPrettyNormal: <cn=cyrus,dc=example,dc=tld>
> <<< dnPrettyNormal: <cn=cyrus,dc=example,dc=tld>,
> <cn=cyrus,dc=example,dc=tld>
> do_bind: version=3 dn="cn=cyrus,dc=example,dc=tld" method=128
> dn2entry_r: dn: "cn=cyrus,dc=example,dc=tld"
> => dn2id( "cn=cyrus,dc=example,dc=tld" )
> ====> cache_find_entry_ndn2id("cn=cyrus,dc=example,dc=tld"): 34 (1 tries)
> <= dn2id 34 (in cache)
> => id2entry_r( 34 )
> ====> cache_find_entry_id( 34 ) "cn=cyrus,dc=example,dc=tld" (found)
> (1 tries)
> <= id2entry_r( 34 ) 0x8b1ca98 (cache)
> ====> cache_return_entry_r( 34 ): returned (0)
> send_ldap_result: conn=1 op=0 p=3
> send_ldap_response: msgid=1 tag=97 err=49
> ber_flush: 14 bytes to sd 13
>
> Then, I tried
> ldapsearch -LLL -s sub -v -x "(mail=tancentos2@xxxxxxxxxx)" -b
> "o=hosting,dc=example,dc=tld" cn sn
> it returns the cn and sn.
> If I take away the "-x", then problem came. The following are the
> debug output from ldap
> SASL [conn=2] Debug: DIGEST-MD5 server step 2
> slap_sasl_getdn: u:id converted to uid=root,cn=DIGEST-MD5,cn=auth
> >>> dnNormalize: <uid=root,cn=DIGEST-MD5,cn=auth>
> <<< dnNormalize: <uid=root,cn=digest-md5,cn=auth>
> ==>slap_sasl2dn: converting SASL name uid=root,cn=digest-md5,cn=auth
> to a DN
> slap_authz_regexp: converting SASL name uid=root,cn=digest-md5,cn=auth
> <==slap_sasl2dn: Converted SASL name to <nothing>
> SASL [conn=2] Error: unable to open Berkeley db /etc/sasldb2: No such
> file or directory

-Igor
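
Added example, not part of Igor's reply or of the cyrus-sasl source: a simplified Python model of how the quoted `ldap_filter` expands for the quoted login, with a parenthesis check, to make "adjust your filter" concrete. The token meanings (`%u`, `%U`, `%d`, `%r`, `%%`) are assumed from the LDAP_SASLAUTHD document, and `ADJUSTED_FILTER` is one hypothetical correction.

```python
# Simplified model of saslauthd LDAP filter expansion (assumption: token
# meanings as described in LDAP_SASLAUTHD; this is not saslauthd's code).

PAGE_FILTER = '(&(objectClass=VirtualMailAccount)(mail=%u@%r)))'  # from the post
PAGE_USER = 'tancentos2@xxxxxxxxxx'      # from the post (domain masked there)
ADJUSTED_FILTER = '(&(objectClass=VirtualMailAccount)(mail=%U@%d))'  # hypothetical

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def expand_filter(template, user, realm=''):
    """Substitute %u (user), %U (local part), %d (domain), %r (realm), %%."""
    local, _, domain = user.partition('@')
    tokens = {'u': user, 'U': local, 'd': domain or realm, 'r': realm}
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == '%' and i + 1 < len(template):
            nxt = template[i + 1]
            if nxt == '%':
                out.append('%')
            elif nxt in tokens:
                out.append(escape_filter_value(tokens[nxt]))
            else:
                out.append(ch + nxt)     # unknown token: keep it verbatim
            i += 2
        else:
            out.append(ch)
            i += 1
    return ''.join(out)

def paren_balance(filter_text):
    """Return 0 if balanced, -1 on a stray ')', else the count of unclosed '('."""
    depth = 0
    for ch in filter_text:
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth < 0:
                return -1
    return depth

if __name__ == '__main__':
    for template in (PAGE_FILTER, ADJUSTED_FILTER):
        expanded = expand_filter(template, PAGE_USER, realm='')  # log: [realm=]
        print(paren_balance(expanded), expanded)
```

With the empty realm shown in the saslauthd log, the posted filter expands to a `mail=` value with a trailing `@` and carries one unmatched `)`.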