Cyrus-SASL + OpenLDAP
Igor Brezac
igor at ipass.net
Tue Aug 30 18:43:32 EDT 2005
On Tue, 30 Aug 2005, Edward Ashley wrote:
> Hi,
> I have been trying for ages to try and get my configuration working using
> cyrus-sasl and openldap to no avail. Please can I have some help with this.
> Basically I have an openldap directory with the domain name as the base
> directory, then an openexchange schema on top of it. So for the users it
> looks like this:
>
> ou=Users,ou=OxObjects,dc=example.com
>
> I have a line in the ldap config like this:
>
> sasl-regexp uid=(.*),cn=(.*),cn=DIGEST-MD5,cn=auth
> uid=$1,ou=Users,ou=OxObjects,dc=$2
Does
    ldapwhoami -Y DIGEST-MD5 -U userid
work?
>
> so that I can have multiple domains, with SASL authenticating to different
> domains. I basically want to have cyrus-imap with multiple domains, with each
> domain having a user list in ldap.
>
> However whenever I try and do testsaslauthd -u user -p password -r
> example.com it comes back saying no authentication failed. I have set
> cyrus-sasl to use ldap, and checked that ldap support is compiled into it. I
> have added the line:
>
> ldap_servers: ldap://127.0.0.1/
You need to add more things here. If you want to use sasl, try adding:
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
Check syslog for errors.
-Igor
>
> to my /etc/saslauthd.conf file.
>
> I am using centos 4 (a RHEL4 clone). And have included info from my
> /etc/openldap/slapd.conf file below. My versions are as follows:
> rpm -aq | grep cyrus
> cyrus-sasl-plain-2.1.19-5.EL4
> cyrus-sasl-devel-2.1.19-5.EL4
> cyrus-sasl-md5-2.1.19-5.EL4
> cyrus-imapd-2.2.12-3.RHEL4.1
> cyrus-sasl-2.1.19-5.EL4
> cyrus-imapd-utils-2.2.12-3.RHEL4.1
>
> Note: I recompiled openldap with the --enable-aci option.
>
> rpm -aq | grep ldap
> compat-openldap-2.1.30-2
> openldap-devel-2.2.13-2
> python-ldap-2.0.1-2
> openldap-2.2.13-2
> openldap-servers-2.2.13-2
> openldap-servers-sql-2.2.13-2
> php-ldap-4.3.9-3.8
> perl-ldap-0.31-1.2.el4.rf
> openldap-clients-2.2.13-2
> nss_ldap-226-6
>
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openxchange.schema
>
> allow bind_v2
>
> sasl-regexp uid=(.*),cn=(.*),cn=DIGEST-MD5,cn=auth
> uid=$1,ou=Users,ou=OxObjects,dc=$2
>
> pidfile /var/run/slapd.pid
> argsfile /var/run/slapd.args
>
> database ldbm
> suffix "dc=example.com"
> rootdn "cn=Manager,dc=example.com"
> directory /var/lib/ldap
>
> index uid,mailEnabled,cn,sn,givenname,InetMailAccess,alias,loginDestination
> eq,sub
>
> Any help would be greatly appreciated.
> Ned
>
>
>
--
Igor
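
An added example, not part of the original message: a small Python emulation of the sasl-regexp rule quoted above, showing which SASL authentication DNs it rewrites and whether the result lands under the configured suffix. Assumptions: Python's re stands in for slapd's POSIX regex matching (case-insensitive, unanchored), the function names are hypothetical, and the sample DNs are constructed in the uid=<user>,cn=<realm>,cn=<mech>,cn=auth form that slapd builds for SASL binds.

```python
import re

# Values copied from the slapd.conf quoted in the message above.
SASL_REGEXP = r"uid=(.*),cn=(.*),cn=DIGEST-MD5,cn=auth"
REPLACEMENT = "uid=$1,ou=Users,ou=OxObjects,dc=$2"
SUFFIXES = ["dc=example.com"]


def map_authn_dn(authn_dn, pattern=SASL_REGEXP, replacement=REPLACEMENT):
    """Return the DN the rule rewrites authn_dn to, or None if it does not match.

    Assumption: Python's re approximates slapd's regex engine here.
    """
    m = re.search(pattern, authn_dn, re.IGNORECASE)
    if m is None:
        return None
    # Expand $1..$9 from the captured groups, as in the slapd.conf replacement.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def under_suffix(dn, suffixes=SUFFIXES):
    """True if dn equals a configured suffix or ends with ',' + that suffix."""
    dn = dn.lower()
    return any(dn == s.lower() or dn.endswith("," + s.lower()) for s in suffixes)


def check(authn_dn):
    """Classify one SASL authentication DN against the rule and suffix list."""
    mapped = map_authn_dn(authn_dn)
    if mapped is None:
        return ("no-match", None)
    return ("ok" if under_suffix(mapped) else "outside-suffix", mapped)


# Constructed sample authentication DNs (not taken from any log).
SAMPLES = [
    "uid=ned,cn=example.com,cn=digest-md5,cn=auth",  # realm supplied
    "uid=ned,cn=digest-md5,cn=auth",                 # no realm component
    "uid=ned,cn=example.org,cn=digest-md5,cn=auth",  # a second domain
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn, "->", check(dn))
```

A "no-match" result means the bind identity is left in its cn=auth form, and "outside-suffix" means the rewritten DN points at a tree that no database in the quoted slapd.conf serves.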