problems with cyrus sasl ldap pam authentication

nikolay.nenchev at rbb.bg nikolay.nenchev at rbb.bg
Tue Sep 20 02:18:43 EDT 2005


> nikolay.nenchev at rbb.bg writes:
>
>> Hi list,
>> I have problems with authenticating user from openldap directory through
>> saslauthd that is using pam authentication.
>> My configuration is:
>> Debian 3.1 Sarge kernel 2.4.27-2-386
>> Postfix 2.1.5-9, postfix-ldap 2.1.5-9
>> Cyrus-common, cyrus-imapd, cyrus-admin, cyrus-client 2.1.18-1
>> Sasl2-bin, libsasl2, libsasl2-module 2.1.19-1.5
>
> [...]
>> I have created a user account (posixAccount) in ldap through phpldapadmin.
>> My ldif file is:
>> #dn: dc=rbb,dc=bg
>> #objectclass: top
>> #objectclass: organization
>> #o: RBB
>>
> [...]
>
> Most likely you don't have any entries in your directory, as this ldif
> file definitely got refused, because object class dcObject and the
> attribute dc are missing.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://www.dkluenter.de
> GPG Key ID:8EF7B6C6
>
>

I have tried directly to put in /etc/default/saslauthd mechanism=ldap, but
the error is the same.
Here is my ldapsearch result:

mail2:~# ldapsearch -x -H ldap://127.0.0.1/ -b 'dc=rbb,dc=bg' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=rbb,dc=bg> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# rbb.bg
dn: dc=rbb,dc=bg
objectClass: top
objectClass: dcObject
objectClass: organization
dc: rbb
o: RaiffeisenBank

# sasl, rbb.bg
dn: uid=sasl,dc=rbb,dc=bg
uid: sasl
objectClass: top
objectClass: account
objectClass: simpleSecurityObject

# cyrus, rbb.bg
dn: uid=cyrus,dc=rbb,dc=bg
uid: cyrus
givenName: cyrus
sn: cyrus
cn: cyrus
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/cyrus
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
loginShell: /bin/false

# admin, rbb.bg
dn: uid=admin,dc=rbb,dc=bg
uid: admin
givenName: admin
sn: admin
cn: admin
loginShell: /bin/false
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/admin
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson

# niki, rbb.bg
dn: uid=niki,dc=rbb,dc=bg
uid: niki
givenName: niki
sn: niki
cn: niki
loginShell: /bin/false
uidNumber: 10002
gidNumber: 10002
homeDirectory: /home/niki
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5
mail2:~#

I have created users with different attributes just for test purposes.

Regards,
Nikolay Nenchev
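
The point raised in the quoted reply (a dc=... entry needs the dc attribute and an object class such as dcObject) can be checked before loading an LDIF file. The following is an added example, not part of the original messages; it assumes simple LDIF (no base64 values, single-valued RDNs) and models only these two standard schema rules, with the sample input constructed from the text in the post.

```python
# Added example: pre-flight check for the two problems named in the quoted reply.
# Assumption: simple LDIF only (no base64 "::" values, no multi-valued RDNs).
DC_CLASSES = {"dcobject", "domain"}  # standard classes that permit the dc attribute

def parse_ldif(text):
    """Return a list of (dn, {attr: [values]}) from simple LDIF text."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comment lines are not part of any entry
            name, value = line.split(":", 1)
            if name.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if dn:
            entries.append((dn, attrs))
    return entries

def check_entry(dn, attrs):
    """List the reasons a directory server is expected to refuse this entry."""
    problems = []
    rdn_attr, rdn_value = (p.strip().lower() for p in dn.split(",", 1)[0].split("=", 1))
    if rdn_value not in [v.lower() for v in attrs.get(rdn_attr, [])]:
        problems.append(f"naming attribute {rdn_attr}={rdn_value} is not in the entry")
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if rdn_attr == "dc" and not classes & DC_CLASSES:
        problems.append("no object class that allows 'dc' (dcObject or domain)")
    return problems

# Constructed input: the LDIF quoted in the post with its leading '#' removed,
# and the base entry as the ldapsearch output in the post shows it.
POSTED = """dn: dc=rbb,dc=bg
objectclass: top
objectclass: organization
o: RBB
"""
STORED = """dn: dc=rbb,dc=bg
objectClass: top
objectClass: dcObject
objectClass: organization
dc: rbb
o: RaiffeisenBank
"""
if __name__ == "__main__":
    for label, ldif in (("posted", POSTED), ("stored", STORED)):
        print(label, [check_entry(dn, a) or "ok" for dn, a in parse_ldif(ldif)])
```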


