SASL over LDAP doesn't work

NguyenHuynh huynhnguyen at mikorn.com
Mon Dec 10 23:23:53 EST 2007


SASL over LDAP 
 
I'm trying to use SASL over LDAP for authentication, but it still doesn't
work yet.
 
Details: 
OS: FreeBSD
Packages: 
cyrus-sasl-2.1.22   RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-ldapdb-2.1.22 SASL LDAPDB auxprop plugin
cyrus-sasl-saslauthd-2.1.22 SASL authentication server for cyrus-sasl2
postfix-current-2.5.20071006,4 A secure alternative to widely-used Sendmail
 
Configure SASL in main.cf for postfix:
........
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination, permit_mynetworks, reject
smtpd_sasl_authenticated_header = yes
........
 
Configure SASL for authentication: 
#vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: ldap
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
 
Configure LDAP server's details for SASL-ldapdb:      
#vi /usr/local/etc/saslauthd.conf
ldap_servers: ldap://192.168.1.70
ldap_search_base:       dc=yescall,dc=com,dc=vn
ldap_bind_dn:   cn=admin,dc=yescall,dc=com,dc=vn
ldap_password:  123
ldap_filter:    (&(objectClass=qmailUser)(mail=%u)(accountStatus=active))
 
The details of one node in my LDAP:
dn: cn=huynhnguyen,dc=yescall.com.vn,o=hosting,dc=yescall,dc=com,dc=vn
accountStatus: active
cn: huynhnguyen
homeDirectory: /vmail/hosting/yescall.com.vn/huynhnguyen
mailMessageStore: /vmail/hosting/yescall.com.vn/huynhnguyen/Maildir/
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
objectClass: CourierMailAccount
sn: Nguyen Dac Huynh2
structuralObjectClass: inetOrgPerson
entryUUID: f069f88e-1c17-102c-93d5-25c7f79a19b1
creatorsName: cn=admin,dc=yescall,dc=com,dc=vn
createTimestamp: 20071031161319Z
mailHost: mail.mikorn.com
userPassword:: aWtvcm40MTI4NA==
mail: huynhnguyen at yescall.com.vn
entryCSN: 20071205114520.832948Z#000000#000#000000
modifiersName: cn=admin,dc=yescall,dc=com,dc=vn
modifyTimestamp: 20071205114520Z
 
Start saslauthd:
#saslauthd -a ldap /usr/local/etc/saslauthd.conf
 
I always get authentication failures when using testsaslauthd.
 
My problems: 
- Must I have a schema in LDAP for SASL only?
- Is it necessary to change my node in LDAP to another structure which is
suitable for SASL?
- How can I use ldap_filter better in this case? 
 
Could anybody help me to solve this problem?
I'm a newbie in open source.
I'm not good at English. Sorry for any problems.
Thank you for your care.
 
 
Thanks & Best Regards,
Nguyen Dac Huynh
System Engineer
Mirae Ikorn Co., Ltd
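
Added example, not part of the original message and not Cyrus SASL code: a small Python model of how the posted ldap_filter expands for different login forms, and whether the result would select the posted entry. The token meanings (%u, %U, %d, %r, %s) are assumed from the saslauthd LDAP documentation; the logins and realm passed in are constructed test values.

```python
import re

# Filter from the post's saslauthd.conf, plus a variant built from %U and %d.
POSTED = "(&(objectClass=qmailUser)(mail=%u)(accountStatus=active))"
VARIANT = "(&(objectClass=qmailUser)(mail=%U@%d)(accountStatus=active))"

# Constructed from the entry in the post; '@' restored where the archive shows " at ".
ENTRY = {
    "objectclass": ["top", "person", "organizationalPerson", "inetOrgPerson",
                    "qmailUser", "CourierMailAccount"],
    "mail": ["huynhnguyen@yescall.com.vn"],
    "accountstatus": ["active"],
}

def escape_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, user, realm="", service="smtp"):
    """Expand %-tokens (meanings assumed from the saslauthd LDAP documentation)."""
    local, _, domain = user.partition("@")
    tokens = {"%": "%", "u": user, "U": local, "d": domain or realm,
              "r": realm, "s": service}
    def sub(match):
        key = match.group(1)
        if key not in tokens:
            raise ValueError("token not modelled here: %" + key)
        return "%" if key == "%" else escape_value(tokens[key])
    return re.sub(r"%(.)", sub, template)

def unescape_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filter_str, entry):
    """Evaluate a flat AND of equality tests, case-insensitively, on one entry."""
    leaves = re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", filter_str)
    return bool(leaves) and all(
        unescape_value(val).lower() in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, val in leaves)

def would_find(template, user, realm=""):
    return matches(expand_filter(template, user, realm), ENTRY)

if __name__ == "__main__":
    for template in (POSTED, VARIANT):
        for user, realm in (("huynhnguyen", "yescall.com.vn"),
                            ("huynhnguyen@yescall.com.vn", "")):
            print(template, user, realm or "-", would_find(template, user, realm))
```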
 
 


More information about the Cyrus-sasl mailing list