problems with cyrus sasl ldap pam authentication

nikolay.nenchev at rbb.bg nikolay.nenchev at rbb.bg
Tue Sep 20 10:53:22 EDT 2005


>> nikolay.nenchev at rbb.bg writes:
>>
>>> Hi list,
>>> I have problems with authenticating a user from an openldap directory through
>>> saslauthd that is using pam authentication.
>>> My configuration is:
>>> Debian 3.1 Sarge kernel 2.4.27-2-386
>>> Postfix 2.1.5-9, postfix-ldap 2.1.5-9
>>> Cyrus-common, cyrus-imapd, cyrus-admin, cyrus-client 2.1.18-1
>>> Sasl2-bin, libsasl2, libsasl2-module 2.1.19-1.5
>>
>> [...]
>>> I have created a user account (posixAccount) in ldap through phpldapadmin.
>>> My ldif file is:
>>> #dn: dc=rbb,dc=bg
>>> #objectclass: top
>>> #objectclass: organization
>>> #o: RBB
>>>
>> [...]
>>
>> Most likely you don't have any entries in your directory, as this ldif
>> file definitely got refused, because object class dcObject and the
>> attribute dc are missing.
>>
>> -Dieter
>>
>> --
>> Dieter Klünter | Systemberatung
>> http://www.dkluenter.de
>> GPG Key ID:8EF7B6C6
>>
>>
>
> I have tried directly putting mechanism=ldap in /etc/default/saslauthd, but
> the error is the same.
> Here is my ldapsearch result:
>
> mail2:~# ldapsearch -x -H ldap://127.0.0.1/ -b 'dc=rbb,dc=bg' '(objectclass=*)'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=rbb,dc=bg> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # rbb.bg
> dn: dc=rbb,dc=bg
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> dc: rbb
> o: RaiffeisenBank
>
> # sasl, rbb.bg
> dn: uid=sasl,dc=rbb,dc=bg
> uid: sasl
> objectClass: top
> objectClass: account
> objectClass: simpleSecurityObject
>
> # cyrus, rbb.bg
> dn: uid=cyrus,dc=rbb,dc=bg
> uid: cyrus
> givenName: cyrus
> sn: cyrus
> cn: cyrus
> uidNumber: 10000
> gidNumber: 10000
> homeDirectory: /home/cyrus
> shadowMin: -1
> shadowMax: 999999
> shadowWarning: 7
> shadowInactive: -1
> shadowExpire: -1
> shadowFlag: 0
> objectClass: top
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
> loginShell: /bin/false
>
> # admin, rbb.bg
> dn: uid=admin,dc=rbb,dc=bg
> uid: admin
> givenName: admin
> sn: admin
> cn: admin
> loginShell: /bin/false
> uidNumber: 10001
> gidNumber: 10001
> homeDirectory: /home/admin
> shadowMin: -1
> shadowMax: 999999
> shadowWarning: 7
> shadowInactive: -1
> shadowExpire: -1
> shadowFlag: 0
> objectClass: top
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
>
> # niki, rbb.bg
> dn: uid=niki,dc=rbb,dc=bg
> uid: niki
> givenName: niki
> sn: niki
> cn: niki
> loginShell: /bin/false
> uidNumber: 10002
> gidNumber: 10002
> homeDirectory: /home/niki
> shadowMin: -1
> shadowMax: 999999
> shadowWarning: 7
> shadowInactive: -1
> shadowExpire: -1
> shadowFlag: 0
> objectClass: top
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 6
> # numEntries: 5
> mail2:~#
>
> I have created users with different attributes just for test purposes.
>
> Regards,
> Nikolay Nenchev
>
>


Also, the log from auth.log is:
Sep 20 17:42:23 localhost saslauthd[9440]: pam_ldap: ldap_search_s No such object
Sep 20 17:42:23 localhost saslauthd[9440]: DEBUG: auth_pam: pam_authenticate failed: Permission denied
Sep 20 17:42:23 localhost saslauthd[9440]: do_auth         : auth failure: [user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

Regards,
Nikolay Nenchev
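The two pieces of evidence in this message are the ldapsearch export and the saslauthd line reporting `pam_ldap: ldap_search_s No such object`. An LDAP server answers noSuchObject (result code 32) when the base entry of a search does not exist, so the first thing to compare is the base DN the PAM LDAP module is configured to search against the entries the directory actually holds. The script below is an added example written for this page; it is not code from the post, from Cyrus SASL or from pam_ldap. It parses an export in the format shown above (a constructed, trimmed copy of the quoted one), pulls the `[key=value]` fields out of the saslauthd failure line, checks that an assumed base DN exists and carries the `dcObject`/`dc` attributes the earlier reply pointed out, and emulates a subtree search for `(uid=<user>)` below that base. The base DN values, the `posixAccount` requirement passed as `required_classes`, and the sample data are assumptions, not values from the poster's configuration.

```python
import re

# Constructed LDIF export, modelled on the ldapsearch output quoted in the
# post (trimmed; values are illustrative, not a copy of a real directory).
SAMPLE_LDIF = """\
dn: dc=rbb,dc=bg
objectClass: dcObject
objectClass: organization
dc: rbb

dn: uid=sasl,dc=rbb,dc=bg
uid: sasl
objectClass: simpleSecurityObject

dn: uid=cyrus,dc=rbb,dc=bg
uid: cyrus
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/cyrus
objectClass: person
objectClass: posixAccount
"""
# Constructed saslauthd failure line in the format quoted in the post.
SAMPLE_LOG = ("Sep 20 17:42:23 localhost saslauthd[9440]: do_auth : auth failure: "
              "[user=cyrus] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]")
LOG_FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def normalize_dn(dn):
    """Lowercase a DN and strip spaces around RDN separators (escaped commas not handled)."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def parse_ldif(text):
    """Parse an ldapsearch LDIF export into {normalized_dn: {attr: [values]}}.
    Comment lines are skipped, folded lines (leading space) are joined, and
    base64 ('attr::') values are kept undecoded; enough for an export like this."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # continuation of the previous line
        else:
            logical.append(raw)
    entries, current = {}, None
    for line in logical:
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = {}
            entries[normalize_dn(value)] = current
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries


def check_base(entries, base_dn):
    """Findings about the search base a PAM/LDAP module would be configured with.
    A base entry that does not exist makes the server answer noSuchObject (result 32)."""
    base = normalize_dn(base_dn)
    entry = entries.get(base)
    if entry is None:
        return [f"base {base_dn} does not exist: searches under it fail with "
                "'No such object' (LDAP result 32)"]
    findings = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    rdn_attr, _, rdn_value = base.split(",", 1)[0].partition("=")
    if rdn_attr == "dc":  # the dcObject/dc check raised earlier in the thread
        if "dcobject" not in classes:
            findings.append(f"base {base_dn} lacks objectClass dcObject")
        if rdn_value not in [v.lower() for v in entry.get("dc", [])]:
            findings.append(f"base {base_dn} has no dc attribute matching its RDN")
    return findings


def find_login_entries(entries, base_dn, login, login_attr="uid", required_classes=()):
    """Emulate a subtree search for (login_attr=login) below base_dn, ANDed with
    any required objectClasses (like a pam_filter setting). Returns normalized DNs."""
    base = normalize_dn(base_dn)
    wanted = {c.lower() for c in required_classes}
    hits = []
    for dn, attrs in entries.items():
        in_scope = dn == base or dn.endswith("," + base)
        values = [v.lower() for v in attrs.get(login_attr.lower(), [])]
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if in_scope and login.lower() in values and wanted <= classes:
            hits.append(dn)
    return hits


def parse_saslauthd_line(line):
    """Extract the [key=value] fields saslauthd logs on an auth failure."""
    return dict(LOG_FIELD.findall(line))


def diagnose(ldif_text, log_line, base_dn, required_classes=("posixAccount",)):
    """Combine the checks: which user failed, does the assumed base exist, and
    would a search for that user below it find an entry under the assumed filter."""
    entries = parse_ldif(ldif_text)
    user = parse_saslauthd_line(log_line).get("user", "")
    report = check_base(entries, base_dn)
    if not find_login_entries(entries, base_dn, user, required_classes=required_classes):
        report.append(f"no entry for user '{user}' with objectClass "
                      f"{list(required_classes)} below {base_dn}")
    return report
```

For the constructed data, `diagnose(SAMPLE_LDIF, SAMPLE_LOG, "dc=rbb,dc=bg")` returns no findings, while an assumed base such as `ou=people,dc=rbb,dc=bg` that the export does not contain yields the `No such object` finding plus a missing-entry finding. Run against a real export and the base DN taken from the PAM LDAP configuration, the same pair of checks tells an administrator whether the directory content or the client-side base DN is the side to look at first.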


