On 30/03/10 18:16 +0200, Geoff wrote:
I'm trying to set up sasl auth against ldap (Active Directory) to
authenticate subversion users.
I set up the ladp mechanism and testing it with testsaslauthd but I just
can't have it working.
I'm running Debian Lenny and saslauthd 2.1.22
The error message logged is :
Authentication failed for MYUSER: Bind to ldap server failed (invalid
user/password or insufficient access) (-7)
Here are the settings :
---------------------------------------------------------------------------------
ldap_servers: ldap://x.x.x.x/
ldap_search_base: OU=Vibrateam,DC=domain,DC=ext
#
ldap_bind_dn: CN=AdminUser,OU=organisation,DC=domain,DC=ext
ldap_bind_pw: secret
#
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: (sAMAccountName=%u)
---------------------------------------------------------------------------------
I was able to configure saslauthd to work against a Windows 2003 Standard
Edition server with:
ldap_servers: ldap://192.0.2.1/
ldap_search_base: OU=Users,OU=BTC,DC=example,DC=com
#
ldap_bind_dn: Administrator@xxxxxxxxxxx
ldap_bind_pw: secret
#
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: (sAMAccountName=%u)
I had to play around a bit with an ldapsearch command to find out what
Active Directory wanted for a dn:
ldapsearch -x -H ldap://192.0.2.1 -D Administrator@xxxxxxxxxxx -w
secret -b OU=Users,OU=BTC,dc=example,dc=com
--
Dan White
