Eric,

* Eric Belhomme <eric.belhomme@xxxxxxxxxxxx>:
> I'm newbie with sasl and I'm very confused the way it works... I googled
> for hours and RTFMed online docs and my Debian /usr/share/doc
> directories... But I still feel SASL very obscure !
> So I'm going to ask here some help, expecting someone will be able to
> let me understand what I do !
>
> * What I have ?
>
> - 3 Debian Lenny servers, with running OpenLDAP directory for user and
>   passwords authentication,
> - a postfix server, with virtual users from the LDAP directory
> - a dovecot server, with virtual users from the LDAP directory
>
> * What I want to do ?
>
> - enable SASL auth for postfix
> - migrate from dovecot to cyrus Imapd+Murder
> - enable SASL auth for cyrus imapd and murder, using my LDAP directory
>
> * What I did :
>
> installing saslauthd with this config :

Are the passwords in your directory encrypted or are they plaintext?

> ldap_servers: ldap://127.0.0.1/
> ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
> ldap_bind_pw: ***passwd***
> ldap_filter: (&(uid=%u)(objectClass=evePerson))
> ldap_search_base: ou=People,dc=eve-team,dc=com
> ldap_scope: one
>
> Then I started saslauthd daemon like this :
>
> /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d
>
> Finally, I tried to test the auth with test tools :

Use testsaslauthd.

> Both slapd and saslauthd are started as debug processes, and nothing
> happens ! It's like the sasl-sample-server tools don't even try to
> connect the saslauthd daemon !

Quite likely you don't have a /etc/sasl/sample.conf telling
sasl-sample-server to use saslauthd.

Take a look at /var/log/auth.log. Also start saslauthd from the command line
with an additional "-d". It will keep attached to your shell and you will
be able to see debug output.

p@rick

> I'm pretty sure I missed some important things in the knowledge of sasl
> mechs but as I'm not a specialist it actually looks for me like...
> voodoo or something like that ;)
>
> thanks for your help,
>
> --
> Rico

--
All technical questions asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitly
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
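
Added example, not part of the original message or of Cyrus SASL: a small Python check of the application-side settings the reply points at (`pwcheck_method`, `mech_list` and `saslauthd_path` in a file such as /etc/sasl/sample.conf) against the `-m` directory on the saslauthd command line. The function names and both sample configs are constructed for illustration; the command line is the one quoted in the message.

```python
import shlex

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # saslauthd needs the cleartext password

def parse_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def mux_dir(cmdline):
    """Return the run directory passed to saslauthd with -m, or None."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args[:-1]):
        if arg == "-m":
            return args[i + 1].rstrip("/")
    return None

def check(app_conf_text, saslauthd_cmdline):
    """Return findings explaining why the application may bypass saslauthd."""
    conf, findings = parse_conf(app_conf_text), []
    # Cyrus SASL defaults to auxprop, so saslauthd must be selected explicitly.
    if "saslauthd" not in conf.get("pwcheck_method", "auxprop").split():
        findings.append("pwcheck_method: not saslauthd, daemon is never asked")
    mechs = set(conf.get("mech_list", "").upper().split())
    if not mechs:
        findings.append("mech_list: unset, shared-secret mechanisms may be offered")
    elif mechs - PLAINTEXT_MECHS:
        extra = ", ".join(sorted(mechs - PLAINTEXT_MECHS))
        findings.append("mech_list: saslauthd cannot verify " + extra)
    run_dir, path = mux_dir(saslauthd_cmdline), conf.get("saslauthd_path")
    if run_dir and not path:
        findings.append("saslauthd_path: unset, confirm default is %s/mux" % run_dir)
    elif run_dir and path != run_dir + "/mux":
        findings.append("saslauthd_path: %s is not %s/mux" % (path, run_dir))
    return findings

# Command line from the message; both configs below are constructed samples.
CMD = "/usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d"
FIXED = """pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
"""

if __name__ == "__main__":
    for label, text in (("missing sample.conf", ""), ("fixed", FIXED)):
        print(label, "->", check(text, CMD) or "ok")
```

An empty config stands in for the missing sample.conf case: all three findings fire, the first being the one that matches the "nothing happens" symptom.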