SASL over LDAP doesn't work


 



SASL over LDAP

 

I’m trying to use SASL over LDAP for authentication, but it still doesn’t work.

 

Details:

OS: FreeBSD

Packages:

cyrus-sasl-2.1.22   RFC 2222 SASL (Simple Authentication and Security Layer)

cyrus-sasl-ldapdb-2.1.22 SASL LDAPDB auxprop plugin

cyrus-sasl-saslauthd-2.1.22 SASL authentication server for cyrus-sasl2

postfix-current-2.5.20071006,4 A secure alternative to widely-used Sendmail

 

Configure SASL in main.cf for postfix:

………………..

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination,     permit_mynetworks, reject

smtpd_sasl_authenticated_header = yes

………………..

 

Configure SASL for authentication:

#vi /usr/local/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd

auxprop_plugin: ldap

mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

 

Configure LDAP server’s details for SASL-ldapdb:     

#vi /usr/local/etc/saslauthd.conf

ldap_servers: ldap://192.168.1.70

ldap_search_base:       dc=yescall,dc=com,dc=vn

ldap_bind_dn:   cn=admin,dc=yescall,dc=com,dc=vn

ldap_password:  123

ldap_filter:    (&(objectClass=qmailUser)(mail=%u)(accountStatus=active))

 

The details of one node in my LDAP:

dn: cn=huynhnguyen,dc=yescall.com.vn,o=hosting,dc=yescall,dc=com,dc=vn

accountStatus: active

cn: huynhnguyen

homeDirectory: /vmail/hosting/yescall.com.vn/huynhnguyen

mailMessageStore: /vmail/hosting/yescall.com.vn/huynhnguyen/Maildir/

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: inetOrgPerson

objectClass: qmailUser

objectClass: CourierMailAccount

sn: Nguyen Dac Huynh2

structuralObjectClass: inetOrgPerson

entryUUID: f069f88e-1c17-102c-93d5-25c7f79a19b1

creatorsName: cn=admin,dc=yescall,dc=com,dc=vn

createTimestamp: 20071031161319Z

mailHost: mail.mikorn.com

userPassword:: aWtvcm40MTI4NA==

mail: huynhnguyen@xxxxxxxxxxxxxx

entryCSN: 20071205114520.832948Z#000000#000#000000

modifiersName: cn=admin,dc=yescall,dc=com,dc=vn

modifyTimestamp: 20071205114520Z

 

Start saslauthd:

#saslauthd -a ldap /usr/local/etc/saslauthd.conf

 

I always get authentication failures when using testsaslauthd.

 

My problems:

- Must I have a schema in LDAP for SASL only?

- Is it necessary to change my node in LDAP to another structure that is suitable for SASL?

- How can I use ldap_filter better in this case?

 

Could anybody help me to solve this problem?

I’m a newbie in open source.

I’m not good at English. Sorry for any problems.

Thank you for your care.

 

 

Thanks & Best Regards,

Nguyen Dac Huynh

System Engineer

Mirae Ikorn Co., Ltd
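
Added example (not part of the original post, and not Cyrus SASL code): a Python script that expands the posted ldap_filter for a given login name and evaluates it against a constructed entry, showing that the form of the login name decides whether (mail=%u) can match. The token meanings are assumed from the LDAP_SASLAUTHD document shipped with cyrus-sasl; `expand`, `matches`, `ENTRY` and the example.com address are hypothetical.

```python
import re

# Filter copied from the post's saslauthd.conf.
LDAP_FILTER = "(&(objectClass=qmailUser)(mail=%u)(accountStatus=active))"

# Constructed entry shaped like the posted node; the mail domain is a placeholder.
ENTRY = {
    "objectClass": ["top", "person", "inetOrgPerson", "qmailUser"],
    "mail": ["huynhnguyen@example.com"],
    "accountStatus": ["active"],
}

def escape(value):
    """Escape RFC 4515 metacharacters so a login name cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, user, realm="", service="smtp"):
    """Expand %u, %U, %d, %r, %s and %% (meanings assumed from LDAP_SASLAUTHD)."""
    local, _, domain = user.partition("@")
    tokens = {"u": user, "U": local, "d": domain or realm, "r": realm, "s": service}
    def repl(m):
        key = m.group(1)
        if key == "%":
            return "%"
        return escape(tokens[key]) if key in tokens else m.group(0)
    return re.sub(r"%(.)", repl, template)

def matches(filter_str, entry):
    """Evaluate an AND-of-equality filter, the only shape handled here."""
    m = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", filter_str)
    if not m:
        raise ValueError("only (&(attr=value)...) filters are supported")
    for attr, value in re.findall(r"\(([^=()]+)=([^()]*)\)", m.group(1)):
        value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), value)
        # Case-insensitive comparison: an assumption that holds for mail and objectClass.
        have = {v.lower() for k, vals in entry.items() if k.lower() == attr.lower() for v in vals}
        if value.lower() not in have:
            return False
    return True

if __name__ == "__main__":
    for login in ("huynhnguyen", "huynhnguyen@example.com", "*"):
        f = expand(LDAP_FILTER, login)
        print(f"{login!r:28} -> {f}  match={matches(f, ENTRY)}")
```

The same expanded filter string can be pasted into an ldapsearch against the real directory to confirm what the server returns for it.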

 

 

