SASL over LDAP

I’m trying to use SASL over LDAP for authentication, but it still doesn’t work.

Details:

OS: FreeBSD

Packages:

    cyrus-sasl-2.1.22                RFC 2222 SASL (Simple Authentication and Security Layer)
    cyrus-sasl-ldapdb-2.1.22         SASL LDAPDB auxprop plugin
    cyrus-sasl-saslauthd-2.1.22      SASL authentication server for cyrus-sasl2
    postfix-current-2.5.20071006,4   A secure alternative to widely-used Sendmail

Configure SASL in main.cf for postfix:

    ………………..
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks, reject
    smtpd_sasl_authenticated_header = yes
    ………………..

Configure SASL for authentication:

    # vi /usr/local/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd
    auxprop_plugin: ldap
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Configure the LDAP server’s details for SASL-ldapdb:

    # vi /usr/local/etc/saslauthd.conf
    ldap_servers: ldap://192.168.1.70
    ldap_search_base: dc=yescall,dc=com,dc=vn
    ldap_bind_dn: cn=admin,dc=yescall,dc=com,dc=vn
    ldap_password: 123
    ldap_filter: (&(objectClass=qmailUser)(mail=%u)(accountStatus=active))

The details of one node in my LDAP:

    dn: cn=huynhnguyen,dc=yescall.com.vn,o=hosting,dc=yescall,dc=com,dc=vn
    accountStatus: active
    cn: huynhnguyen
    homeDirectory: /vmail/hosting/yescall.com.vn/huynhnguyen
    mailMessageStore: /vmail/hosting/yescall.com.vn/huynhnguyen/Maildir/
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: qmailUser
    objectClass: CourierMailAccount
    sn: Nguyen Dac Huynh2
    structuralObjectClass: inetOrgPerson
    entryUUID: f069f88e-1c17-102c-93d5-25c7f79a19b1
    creatorsName: cn=admin,dc=yescall,dc=com,dc=vn
    createTimestamp: 20071031161319Z
    mailHost: mail.mikorn.com
    userPassword:: aWtvcm40MTI4NA==
    mail: huynhnguyen@xxxxxxxxxxxxxx
    entryCSN: 20071205114520.832948Z#000000#000#000000
    modifiersName: cn=admin,dc=yescall,dc=com,dc=vn
    modifyTimestamp: 20071205114520Z

Start saslauthd:

    # saslauthd -a ldap /usr/local/etc/saslauthd.conf

Authentication always fails when I use testsaslauthd.

My problems:

- Must I have a schema in LDAP for SASL only?
- Is it necessary to change my node in LDAP to another structure which is suitable for SASL?
- How can I use ldap_filter better in this case?

Could anybody help me to solve this problem?

I’m a newbie in OpenSource. I’m not good at English. Sorry for any problems.

Thank you for your care.

Thanks & Best Regards,
Nguyen Dac Huynh
System Engineer
Mirae Ikorn Co., Ltd