Cyrus-SASL + OpenLDAP

Igor Brezac igor at ipass.net
Tue Aug 30 18:43:32 EDT 2005


On Tue, 30 Aug 2005, Edward Ashley wrote:

> Hi,
> I have been trying for ages to try and get my configuration working using 
> cyrus-sasl and openldap to no avail. Please can I have some help with this.
> Basically I have an openldap directory with the domain name as the base 
> directory, then an openexchange schema on top of it. So for the users it 
> looks like this:
>
> ou=Users,ou=OxObjects,dc=example.com
>
> I have a line in the ldap config like this:
>
> sasl-regexp uid=(.*),cn=(.*),cn=DIGEST-MD5,cn=auth 
> uid=$1,ou=Users,ou=OxObjects,dc=$2

Does

ldapwhoami -Y DIGEST-MD5 -U userid

work?


>
> so that I can have multiple domains, with SASL authenticating to different 
> domains. I basically want to have cyrus-imap with multiple domains, with each 
> domain having a user list in ldap.
>
> However whenever I try and do testsaslauthd -u user -p password -r 
> example.com it comes back saying no authentication failed. I have set 
> cyrus-sasl to use ldap, and checked that ldap support is compiled into it. I 
> have added the line:
>
> ldap_servers: ldap://127.0.0.1/

You need to add more things here.  If you want to use sasl, try adding:

ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

Check syslog for errors.

-Igor

>
> to my /etc/saslauthd.conf file.
>
> I am using centos 4 (a RHEL4 clone). And have included info from my 
> /etc/openldap/slapd.conf file below. My versions are as follows:
> rpm -aq | grep cyrus
> cyrus-sasl-plain-2.1.19-5.EL4
> cyrus-sasl-devel-2.1.19-5.EL4
> cyrus-sasl-md5-2.1.19-5.EL4
> cyrus-imapd-2.2.12-3.RHEL4.1
> cyrus-sasl-2.1.19-5.EL4
> cyrus-imapd-utils-2.2.12-3.RHEL4.1
>
> Note: I recompiled openldap with the --enable-aci option.
>
> rpm -aq | grep ldap
> compat-openldap-2.1.30-2
> openldap-devel-2.2.13-2
> python-ldap-2.0.1-2
> openldap-2.2.13-2
> openldap-servers-2.2.13-2
> openldap-servers-sql-2.2.13-2
> php-ldap-4.3.9-3.8
> perl-ldap-0.31-1.2.el4.rf
> openldap-clients-2.2.13-2
> nss_ldap-226-6
>
>
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/openxchange.schema
>
> allow bind_v2
>
> sasl-regexp uid=(.*),cn=(.*),cn=DIGEST-MD5,cn=auth 
> uid=$1,ou=Users,ou=OxObjects,dc=$2
>
> pidfile         /var/run/slapd.pid
> argsfile        /var/run/slapd.args
>
> database        ldbm
> suffix          "dc=example.com"
> rootdn          "cn=Manager,dc=example.com"
> directory      /var/lib/ldap
>
> index   uid,mailEnabled,cn,sn,givenname,InetMailAccess,alias,loginDestination 
> eq,sub
>
> Any help would be greatly appreciated.
> Ned
>
>
>

-- 
Igor
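An added example, not part of the original thread or of the OpenLDAP/Cyrus code: a Python approximation of how the quoted `sasl-regexp` rule rewrites a SASL authentication DN, useful for seeing why a request never reaches the entry under `dc=example.com`. It assumes slapd matches the pattern unanchored and case-insensitively and builds the result from the replacement template alone; the user `ned` and realm `other.org` are constructed sample values.

```python
import re

# Rule and suffix copied from the slapd.conf quoted in the thread.
MATCH = r"uid=(.*),cn=(.*),cn=DIGEST-MD5,cn=auth"
REPLACE = "uid=$1,ou=Users,ou=OxObjects,dc=$2"
SUFFIX = "dc=example.com"


def map_sasl_dn(auth_dn, match=MATCH, replace=REPLACE):
    """Return the DN the rule rewrites auth_dn to, or None if it does not match.

    Approximation: Python's re stands in for slapd's POSIX regex; matching is
    assumed unanchored and case-insensitive.
    """
    m = re.search(match, auth_dn, re.IGNORECASE)
    if m is None:
        return None
    # Substitute $1, $2, ... in the replacement template with the captures.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)


def under_suffix(dn, suffix=SUFFIX):
    """True if dn is the database suffix itself or sits below it."""
    dn, suffix = dn.lower(), suffix.lower()
    return dn == suffix or dn.endswith("," + suffix)


def explain(auth_dn):
    """One-line summary of what happens to a SASL authentication DN."""
    mapped = map_sasl_dn(auth_dn)
    if mapped is None:
        return "no rule matched; slapd keeps " + auth_dn
    where = "inside" if under_suffix(mapped) else "OUTSIDE"
    return f"{mapped} ({where} suffix {SUFFIX})"


# Constructed sample identities.
SAMPLES = [
    "uid=ned,cn=example.com,cn=DIGEST-MD5,cn=auth",  # realm supplied
    "uid=ned,cn=DIGEST-MD5,cn=auth",                 # no realm component
    "uid=ned,cn=other.org,cn=digest-md5,cn=auth",    # realm with no database
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", explain(s))
```

The second sample is the case to look for in syslog: when no realm reaches slapd, the DN has no `cn=<realm>` component, the two-group pattern does not match, and the bind stays in the `cn=auth` namespace.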

