On 19-04-13 14:06, Marc Patermann wrote: > Paul, > > Paul van der Vlis schrieb (19.04.2013 11:58 Uhr): > >> I am trying to get saslauthd working > While this is not IMAPd related, why don't your try a SASL list? I am not a member of it. I have tried to post to it via Gmane but my mail was refused... >> to authenticate on openLDAP with >> passwords stored with a MD5 hash (base64 encoded) in the field >> UserPassword. The passwords are created with smb-ldap so I think it's >> normal that they are base64 encoded. > Is SASL auxprop ldapdb not an option for you? I am a Cyrus user for about 10 years, and I have always used saslauthd. Most of the time using PAM, but sometimes LDAP to Microsoft AD and to Novell. But I have never authenticated to OpenLDAP before. >> "testsaslauthd -u mailtest -p secret" gives always "authentication >> failed". In auth.log I see always: "Bind failed". >> >> I've tried many options in saslauthd.conf, at the moment it's this: >> -------- >> ldap_servers: ldap://192.168.28.240/ >> ldap_auth_method: custom >> ldap_bind_dn: uid=admin,dc=domain,dc=local >> ldap_bind_pw: secret >> ldap_search_base: ou=Users,dc=domain,dc=local >> ldap_filter: cn=%u >> -------- > what does > # ldapsearch -H ldap://192.168.28.240/ -x -D > uid=admin,dc=domain,dc=local -w secret -B ou=Users,dc=domain,dc=local > cn=oneOfYourUsernames > for you? It first gave an error because -B has to be -b, after the changing it, it says "ldap_bind: Invalid credentials (49)". Hmmmm. But because I had another working ldapsearch string, I looked at the differences and I found the solution! This was wrong: ldap_bind_dn: uid=admin,dc=domain,dc=local This is right: ldap_bind_dn: cn=admin,dc=domain,dc=local Many thanks for your help! >> I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy. >> LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7). > FYI: For a production use LDAP server it is best advice from the > openldap developers to use the lastest version, which is 2.4.35. This is an environment what should be replaced but what is in production for many years and for many people. I am only hired for the mailserver.. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
