I'm trying to use saslauthd to test "auth plain" and "auth login" authentication against our LDAP data store using the "MECH=ldap" configuration.

When saslauthd tries to bind with the credentials, it is only sending 7 characters of the password. I've validated this by using Wireshark to examine the SASL communications. The LDAP search for the user is successful and saslauthd is finding the correct user and binding as desired. But the auth fails, obviously, because only 7 characters of the actual (9 character) password are sent.

If I use "MECH=pam" and authenticate against a valid user (also with a password that is 9 characters) on the local server, the authentication is successful.

I'm running this on RHEL 7.5 with cyrus-sasl* packages that are version "2.1.26-23.el7.x86_64", i.e.:

cyrus-sasl-plain-2.1.26-23.el7.x86_64
cyrus-sasl-2.1.26-23.el7.x86_64
cyrus-sasl-gssapi-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64

I've attached my smtp.conf, saslauthd and saslauthd.conf files (with passwords redacted).
--
Robert G. Werner
Systems Administrator
University of California Merced, Office of Information Technology
rwerner2@xxxxxxxxxxxx | it.ucmerced.edu | 209.201.4368

ldap_bind_dn: <user>
ldap_bind_pw: <password>
ldap_servers: ldap://lplds.ucmerced.edu
ldap_search_base: dc=ucmerced,dc=edu
ldap_filter: uid=%U
ldap_version: 3
log_level: 7

log_level: 7
pwcheck_method: saslauthd
mech_list: plain login