Re: Problem using saslauthd against ldap server ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 06/04/18 22:42 +0000, Robert Werner wrote:
I'm trying to use saslauthd to test "auth plain" and "auth login"
authentication against our LDAP data store using the "MECH=ldap"
When saslauthd tries to bind with the credentials,  it is only sending 7
characters of the password.  I've validated this by using Wireshark to
examine the sasl communications.  The ldap search for the user is
successful and saslauthd is finding the correct user and binding as
desired.  But the auth fails,  obviously,  because the only 7 characters of
the actual (9 character) password is sent.

If I use the "MECH=pam" and authenticate against a valid user (also with a
password that is 9 charcaters) on the local server,  the authentication is

I'm running this on RHEL 7.5 with cyrus-sasl* packages that are version
"2.1.26-23.el7.x86_64", ie:

I've attached my smtp.conf,  saslauthd and saslauthd.conf files (with
passwords redacted).
Is there a configuration I'm missing or have I found a bug?  Any
suggestions as to how to get around this problem?

ldap_bind_dn: <user>
ldap_bind_pw: <password>
ldap_servers: ldap://
ldap_search_base: dc=ucmerced,dc=edu
ldap_filter: uid=%U
ldap_version: 3
log_level: 7

log_level: 7
pwcheck_method: saslauthd
mech_list: plain login

Is this problem reproducable with testsaslauthd and smtptest?

Disable saslauthd caching (without -c) and run in debug (-d) mode for
additional output. Set 'debug: -1' (man 3 ldap_set_option), in
saslauthd.conf to increase libldap's output.

Is this problem specific to a particular user name? If so, would you mind
sharing what that username is?

Dan White

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux