Roland Felnhofer wrote:
> Hi,
>
> that should give you a hint:
>
>
> saslauthd.conf
>
> ldap_servers: ldap://127.0.0.1
> ldap_search_base: ou=people,dc=example,dc=com
> ldap_bind_dn: cn=proxyagent,ou=special_users,dc=example,dc=com
> ldap_password: password
> ldap_scope: one
> ldap_uidattr: uid
> ldap_filter_mode: yes
> ldap_filter: uid=%u
>
> The first 4 (ldap_servers, ldap_search_base, ldap_bind_dn,
> ldap_password) should be sufficient.
>

Dear Roland,

thanks for your response. I already have the following entries in my saslauthd.conf

---------------------------------------------------------------------
ldap_servers: ldap://localhost:389
ldap_bind_dn: cn=Manager,dc=kolkatainfoservices,dc=in
ldap_bind_pw: secret
ldap_search_base: ou=Users,dc=kolkatainfoservices,dc=in
ldap_version: 3
ldap_filter: uid=%U
ldap_default_domain: kolkatainfoservices.in
--------------------------------------------------------------------------

But I am having a problem with *disallow bind_anon*. I have also checked the settings you have suggested, like ldap_scope: one, ldap_uidattr: uid, ldap_filter_mode: yes, but no success yet.

Executing cyradm with a valid user (in LDAP) and password reports

----------------------------------------------------
Mar 20 14:52:06 linux slapd[20480]: conn=1 fd=13 ACCEPT from IP=127.0.0.1:34512 (IP=0.0.0.0:389)
Mar 20 14:52:06 linux slapd[20480]: conn=1 op=0 BIND dn="" method=128
Mar 20 14:52:06 linux slapd[20480]: conn=1 op=0 RESULT tag=97 err=0 text=
Mar 20 14:52:06 linux slapd[20480]: conn=1 op=1 SRCH base="ou=Users,dc=kolkatainfoservices,dc=in" scope=2 deref=0 filter="(uid=aftab)"
Mar 20 14:52:06 linux slapd[20480]: <= bdb_equality_candidates: (uid) index_param failed (18)
Mar 20 14:52:06 linux slapd[20480]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 20 14:52:06 linux slapd[20480]: conn=1 op=2 BIND dn="uid=aftab,ou=Users,dc=kolkatainfoservices,dc=in" method=128
Mar 20 14:52:06 linux saslauthd[19448]: pam_ldap: error trying to bind as user "uid=aftab,ou=Users,dc=kolkatainfoservices,dc=in" (Invalid credentials)
Mar 20 14:52:06 linux slapd[20480]: conn=1 op=2 RESULT tag=97 err=49 text=
Mar 20 14:52:06 linux slapd[20480]: conn=1 op=3 BIND dn="" method=128
Mar 20 14:52:06 linux saslauthd[19448]: do_auth : auth failure: [user=aftab] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Mar 20 14:52:06 linux imap[20519]: badlogin: linux.kolkatainfoservices.in [127.0.0.1] plaintext aftab SASL(-13): authentication failure: checkpass failed
------------------------------------------------------------------------------

Could you kindly help me to fix the problem, as my system has a security risk until I stop the anonymous user login.

thanks

>
>
> Best regards
> Roland
>
>
> JOYDEEP wrote:
>> Dear list,
>>
>> to secure my ldap server I have added the line "disallow bind_anon" in
>> slapd.conf.
>> I have checked by "ldapsearch" command and now my ldap doesn't allow
>> anonymous bind.
>> But I now have a problem using cyrus as it is also based on LDAP
>> authentication.
>> I can't log in to cyrus with correct userid and passwd but if I disable
>> the "disallow bind_anon" I can again use cyrus.
>>
>> Could anyone kindly suggest how to fix it?
>>
>> here is my /etc/imapd.conf
>>
>> ==============================================================
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> sievedir: /var/lib/sieve
>> admins: cyrus
>> allowplaintext: yes
>> sasl_mech_list: LOGIN PLAIN
>> allowanonymouslogin: no
>> autocreatequota: 10000
>> reject8bit: no
>> quotawarn: 90
>> timeout: 30
>> poptimeout: 10
>> dracinterval: 0
>> drachost: localhost
>> sasl_pwcheck_method: saslauthd
>> servername:linux.kolkatainfoservices.in
>> lmtp_overquota_perm_failure: no
>> lmtp_downcase_rcpt: yes
>> unixhierarchysep: yes
>> loginrealms: kolkatainfoservices.in
>> hashimapspool: true
>> lmtpsocket: /var/lib/imap/socket/lmtp
>> ==============================
>>
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
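
An added example, not part of the original thread: a small Python parser for the slapd log format quoted above. It groups BIND operations per connection, maps their result codes, and flags any search issued while the connection is still bound anonymously, which is the lookup that `disallow bind_anon` cuts off. The sample lines are constructed from the excerpt in the message, and the function and variable names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: slapd lines from the excerpt above, syslog prefix trimmed.
SAMPLE_LOG = """\
conn=1 fd=13 ACCEPT from IP=127.0.0.1:34512 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="" method=128
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 SRCH base="ou=Users,dc=kolkatainfoservices,dc=in" scope=2 deref=0 filter="(uid=aftab)"
conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1 op=2 BIND dn="uid=aftab,ou=Users,dc=kolkatainfoservices,dc=in" method=128
conn=1 op=2 RESULT tag=97 err=49 text=
conn=1 op=3 BIND dn="" method=128
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=([^:\s]+)')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag 97 = bind response
SRCH = re.compile(r'conn=(\d+) op=\d+ SRCH ')
LDAP_ERR = {0: "success", 48: "inappropriateAuthentication", 49: "invalidCredentials"}

def summarize(log_text):
    """Return {conn: {"peer", "binds": [[op, dn, result]], "anon_search"}}; dn "" = anonymous."""
    conns = defaultdict(lambda: {"peer": None, "binds": [], "anon_search": False})
    pending = {}  # (conn, op) -> bind entry still waiting for its RESULT line
    bound = {}    # conn -> DN of the last successful bind
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conns[m[1]]["peer"] = m[2]
        elif m := BIND.search(line):
            entry = [int(m[2]), m[3], "no result logged"]
            pending[(m[1], m[2])] = entry
            conns[m[1]]["binds"].append(entry)
        elif m := RESULT.search(line):
            entry = pending.pop((m[1], m[2]), None)
            if entry is not None:
                code = int(m[3])
                entry[2] = LDAP_ERR.get(code, f"err={code}")
                if code == 0:
                    bound[m[1]] = entry[1]
        elif (m := SRCH.search(line)) and bound.get(m[1], "") == "":
            # Search while anonymous (or never bound): this client depends on anonymous access.
            conns[m[1]]["anon_search"] = True
    return dict(conns)

if __name__ == "__main__":
    for conn, info in summarize(SAMPLE_LOG).items():
        print(conn, info["peer"], "anonymous search:", info["anon_search"], info["binds"])
```

Run against the real slapd log before enabling `disallow bind_anon`, the `anon_search` flag and peer address show which clients still look users up anonymously and would need a bind DN and password configured first.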