Re: sasl auth against Active Directory

On 31/03/10 11:08 +0200, Geoff wrote:
> On 31/03/2010 10:34, Howard Chu wrote:
>> Geoff wrote:
>> [...]
>>> I'm wondering if the IT gave me the right access on AD...
>>> The ldap search is not returning any userPassword or unicodePwd field
>>> (AD equivalent of ldap userPassword as I found on the web).
>>>
>>> Should an ldap search return one of these fields if I had sufficient
>>> access?
>>
>> No, ActiveDirectory never returns this information through LDAP.
>
> Thanks for such a rapid answer :)
>
> Then I'll have to find out where is the bug in my conf.

I did a pcap trace of the interaction between saslauthd and Active
Directory.

With the config I previously posted (ldap_auth_method: bind), saslauthd:

* Binds to the LDAP server using a simple bind, with the specified "dn" and
  password
* Searches for the user's entry using the specified base and filter, or the
  equivalent of:

ldapsearch -x -H ldap://192.0.2.1 -D Administrator@xxxxxxxxxxx -w \
secret -b OU=Users,OU=BTC,dc=example,dc=com "(sAMAccountName=dan)" dn

dn: CN=Dan White,OU=Screen saver immunity,OU=Users,OU=BTC,DC=example,DC
 =com

* Performs a 2nd simple bind, using the dn returned from the search, and
  password that was specified by the user, such as:

ldapsearch -x -H ldap://192.0.2.1 -D "CN=Dan White,OU=Screen saver \
immunity,OU=Users,OU=BTC,DC=example,DC=com" -w usersecret -b \
OU=Users,OU=BTC,dc=example,dc=com

It doesn't really specify a base, but I specified it for the ldapsearch
command to return results.

So apparently if the second bind succeeds, then saslauthd returns success.

--
Dan White
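
The three steps described in the message above (lookup bind, search, second bind as the returned dn), as an added example that is not part of the original message and is not saslauthd's code. It adds two checks an auth-by-bind client needs: a simple bind with a DN and an empty password is an unauthenticated bind under RFC 4513 that some servers accept, and the user name has to be escaped per RFC 4515 before it goes into the search filter. FakeDirectory, LOOKUP_DN and the entries are constructed stand-ins for the real server.

```python
import re

# RFC 4515 characters that must be escaped inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Keep user input a literal value inside (sAMAccountName=...)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP server; not a real client."""
    def __init__(self, entries):
        self.entries = entries  # dn -> {"sAMAccountName": ..., "password": ...}

    def simple_bind(self, dn, password):
        if password == "":
            return True  # models a server that accepts unauthenticated binds
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, filter_str):
        # Handles only (sAMAccountName=<value>); a bare * matches every entry.
        value = re.fullmatch(r"\(sAMAccountName=(.*)\)", filter_str, re.S).group(1)
        if value == "*":
            return sorted(self.entries)
        literal = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), value)
        return sorted(dn for dn, e in self.entries.items() if e["sAMAccountName"] == literal)

def authenticate(directory, lookup_dn, lookup_pw, username, password):
    """Bind as the lookup account, find the user's dn, then bind as that dn."""
    if not username or not password:
        return False  # an empty password would make the second bind unauthenticated
    if not directory.simple_bind(lookup_dn, lookup_pw):
        return False
    matches = directory.search("(sAMAccountName=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        return False  # no entry, or an ambiguous match: refuse rather than guess
    return directory.simple_bind(matches[0], password)

# Constructed sample data reusing the dn and passwords from the message above.
DAN_DN = "CN=Dan White,OU=Screen saver immunity,OU=Users,OU=BTC,DC=example,DC=com"
LOOKUP_DN = "CN=lookup,OU=Users,OU=BTC,DC=example,DC=com"  # hypothetical bind account
DIRECTORY = FakeDirectory({
    DAN_DN: {"sAMAccountName": "dan", "password": "usersecret"},
    LOOKUP_DN: {"sAMAccountName": "lookup", "password": "secret"},
})

if __name__ == "__main__":
    print(authenticate(DIRECTORY, LOOKUP_DN, "secret", "dan", "usersecret"))
```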
