On 25/03/10 11:03 +0100, MEURISSE CLAUDE wrote:
The configuration works fine when I use LDAP between Cyrus SASLAUTHD and Active Directory.
As soon as I turn on LDAPS in the saslauthd.conf, I receive an auth failure (invalid credentials):
saslauthd[12276] :rel_accept_lock : released accept lock
saslauthd[12277] :get_accept_lock : acquired accept lock
saslauthd[12276] :do_auth : auth failure: [user=myuser@xxxxxxxxxxxxxxxxxxxxxxxxxx] [service=ldap] [realm=internal.subsidiary.bank] [mech=ldap] [reason=Unknown]
saslauthd[12276] :do_request : response: NO
I can successfully bind in LDAPS with a standard LDAP client (like LDAP Browser/Editor 2.8.2 from Jarek Gawor).
Here is my saslauthd.conf:
ldap_servers: ldaps://internal.subsidiary.bank/
ldap_search_base: OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank
ldap_filter: (userPrincipalName=%u)
ldap_bind_dn: CN=myuser,OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank
ldap_password: secret
ldap_tls_cacert_file: /tmp/cert.pem
Assuming you have compiled your saslauthd against the openldap library, you
can use ldapsearch to simulate the binds, with debugging set - assuming
LDAP_DEBUG was enabled during openldap compile:
# same CA file as ldap_tls_cacert_file in saslauthd.conf
echo "TLS_CACERT /tmp/cert.pem" >> ~/.ldaprc
# -d -1 turns on full client-side debugging (needs LDAP_DEBUG at build time)
ldapsearch -d -1 -x -H ldaps://internal.subsidiary.bank/ \
  -D CN=myuser,OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank \
  -w secret \
  -b OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank \
  "(userPrincipalName=myuser@xxxxxxxxxxxxxxxxxxxxxxxxxx)"
And then does saslauthd rebind using the user's DN and password? I'm not
sure.
--
Dan White
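The following script is an added example, not part of the thread or of the saslauthd or OpenLDAP projects. It breaks an LDAPS login into the three steps saslauthd goes through with its default ldap_auth_method (bind): the TLS handshake, the bind as ldap_bind_dn plus the ldap_filter search, and the rebind as the DN that was found using the password being checked. Each step is its own function so the first one that fails is visible, which is what the "reason=Unknown" log line above hides. The host, CA file, DNs, search base and password are placeholders copied from the saslauthd.conf in the thread; the test user jdoe and its password are constructed. It assumes openssl 1.1.0 or later (for -verify_hostname) and the OpenLDAP ldapsearch client, which honours the LDAPTLS_CACERT environment variable.

```shell
#!/bin/sh
# Added example (not from the thread): exercise the three steps of a saslauthd
# LDAPS login one at a time. All names below are hypothetical placeholders
# taken from the saslauthd.conf in the thread; override them in the environment.
LDAP_HOST="${LDAP_HOST:-internal.subsidiary.bank}"
LDAP_PORT="${LDAP_PORT:-636}"
CA_FILE="${CA_FILE:-/tmp/cert.pem}"                 # ldap_tls_cacert_file
BIND_DN="${BIND_DN:-CN=myuser,OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank}"
BIND_PW="${BIND_PW:-secret}"                        # ldap_password
SEARCH_BASE="${SEARCH_BASE:-OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank}"
TEST_UPN="${TEST_UPN:-jdoe@internal.subsidiary.bank}"   # constructed test user
TEST_PW="${TEST_PW:-user-password}"                 # constructed test password

# Step 1 helper: map the "Verify return code" line printed by `openssl s_client`
# to the certificate problem it usually means for an LDAPS client.
classify_verify() {
    code=$(printf '%s\n' "$1" | sed -n 's/^Verify return code: \([0-9]*\).*/\1/p' | head -n 1)
    case "$code" in
        '')    echo "no-handshake" ;;       # port closed, or plain LDAP on that port
        0)     echo "ok" ;;
        10)    echo "expired" ;;            # server certificate has expired
        18|19) echo "untrusted-ca" ;;       # self-signed, or its CA is not in CA_FILE
        20|21) echo "chain-incomplete" ;;   # intermediate CA missing on server or in CA_FILE
        62)    echo "hostname-mismatch" ;;  # CN/SAN does not match LDAP_HOST
        *)     echo "unknown:$code" ;;
    esac
}

# Step 2 helper: pull the first DN out of ldapsearch's LDIF output.
parse_dn() {
    printf '%s\n' "$1" | sed -n 's/^dn: //p' | head -n 1
}

# Step 1: TLS handshake with the same CA file saslauthd is configured with.
tls_check() {
    out=$(openssl s_client -connect "$LDAP_HOST:$LDAP_PORT" -servername "$LDAP_HOST" \
          -verify_hostname "$LDAP_HOST" -CAfile "$CA_FILE" </dev/null 2>/dev/null)
    classify_verify "$out"
}

# Step 2: bind as the service account and run ldap_filter, as saslauthd does.
find_user_dn() {
    out=$(LDAPTLS_CACERT="$CA_FILE" ldapsearch -x -LLL -H "ldaps://$LDAP_HOST:$LDAP_PORT/" \
          -D "$BIND_DN" -w "$BIND_PW" -b "$SEARCH_BASE" \
          "(userPrincipalName=$TEST_UPN)" dn 2>/dev/null)
    parse_dn "$out"
}

# Step 3: rebind as the DN that was found, with the user's own password.
user_bind() {
    LDAPTLS_CACERT="$CA_FILE" ldapsearch -x -LLL -H "ldaps://$LDAP_HOST:$LDAP_PORT/" \
        -D "$1" -w "$TEST_PW" -b "$1" -s base dn >/dev/null 2>&1
}

# Run the live checks only when invoked as: sh ldaps-check.sh run
if [ "${1:-}" = "run" ]; then
    v=$(tls_check); echo "TLS verify: $v"
    [ "$v" = "ok" ] || exit 1            # saslauthd fails here before any bind is tried
    dn=$(find_user_dn); echo "service bind + search: ${dn:-no entry found}"
    [ -n "$dn" ] || exit 1
    if user_bind "$dn"; then echo "user rebind: ok"; else echo "user rebind: invalid credentials"; exit 1; fi
fi
```

Because plain LDAP works and only LDAPS fails in the thread, step 1 is where to look first: a result other than "ok" means saslauthd never reaches the bind, and the classification tells you whether the CA file, the chain on the server, or the hostname in ldap_servers is the mismatch.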