Cyrus-sasl Digest, Vol 29, Issue 6
NguyenHuynh
huynhnguyen at mikorn.com
Tue Dec 11 02:19:59 EST 2007
Thanks for your help.
Perhaps you misunderstood my idea.
I don't want to use LDAP over SASL authentication.
I want to use Postfix over SASL authentication,
and SASL gets the password database from LDAP (the LDAP
information is in the previous message).
Thanks
-----Original Message-----
From: cyrus-sasl-bounces at lists.andrew.cmu.edu
[mailto:cyrus-sasl-bounces at lists.andrew.cmu.edu] On Behalf Of
cyrus-sasl-request at lists.andrew.cmu.edu
Sent: Tuesday, December 11, 2007 1:57 PM
To: cyrus-sasl at lists.andrew.cmu.edu
Subject: Cyrus-sasl Digest, Vol 29, Issue 6
Today's Topics:
1. SASL over LDAP don't work (NguyenHuynh)
2. RE: SASL over LDAP don't work (Guus Leeuw jr.)
----------------------------------------------------------------------
Message: 1
Date: Tue, 11 Dec 2007 11:23:53 +0700
From: "NguyenHuynh" <huynhnguyen at mikorn.com>
Subject: SASL over LDAP don't work
To: <cyrus-sasl at lists.andrew.cmu.edu>
Message-ID: <20071211042353.53A63B170F at h1.yescall.com>
Content-Type: text/plain; charset="us-ascii"
SASL over LDAP
I'm trying to use SASL over LDAP for authentication, but it doesn't work
yet.
Details:
OS: FreeBSD
Packages:
cyrus-sasl-2.1.22 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-ldapdb-2.1.22 SASL LDAPDB auxprop plugin
cyrus-sasl-saslauthd-2.1.22 SASL authentication server for cyrus-sasl2
postfix-current-2.5.20071006,4 A secure alternative to widely-used Sendmail
Configure SASL in main.cf for postfix:
........
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination, permit_mynetworks, reject
smtpd_sasl_authenticated_header = yes
........
Configure SASL for authentication:
#vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
auxprop_plugin: ldap
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Configure LDAP server's details for SASL-ldapdb:
#vi /usr/local/etc/saslauthd.conf
ldap_servers: ldap://192.168.1.70
ldap_search_base: dc=yescall,dc=com,dc=vn
ldap_bind_dn: cn=admin,dc=yescall,dc=com,dc=vn
ldap_password: 123
ldap_filter: (&(objectClass=qmailUser)(mail=%u)(accountStatus=active))
The details of one node in my LDAP:
dn: cn=huynhnguyen,dc=yescall.com.vn,o=hosting,dc=yescall,dc=com,dc=vn
accountStatus: active
cn: huynhnguyen
homeDirectory: /vmail/hosting/yescall.com.vn/huynhnguyen
mailMessageStore: /vmail/hosting/yescall.com.vn/huynhnguyen/Maildir/
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
objectClass: CourierMailAccount
sn: Nguyen Dac Huynh2
structuralObjectClass: inetOrgPerson
entryUUID: f069f88e-1c17-102c-93d5-25c7f79a19b1
creatorsName: cn=admin,dc=yescall,dc=com,dc=vn
createTimestamp: 20071031161319Z
mailHost: mail.mikorn.com
userPassword:: aWtvcm40MTI4NA==
mail: huynhnguyen at yescall.com.vn
entryCSN: 20071205114520.832948Z#000000#000#000000
modifiersName: cn=admin,dc=yescall,dc=com,dc=vn
modifyTimestamp: 20071205114520Z
Start saslauthd:
#saslauthd -a ldap /usr/local/etc/saslauthd.conf
I always get authentication failures when using testsaslauth.
My problems:
- Must I have a schema in LDAP for SASL only?
- Is it necessary to change my node in LDAP to another structure which is
suitable for SASL?
- How can I use ldap_filter better in this case?
Could anybody help me to solve this problem?
I'm a newbie in OpenSource.
I'm not good at English. Sorry for any problems.
Thank you for your care.
Thanks & Best Regards,
Nguyen Dac Huynh
System Engineer
Mirae Ikorn Co., Ltd
------------------------------
Message: 2
Date: Tue, 11 Dec 2007 06:56:45 -0000
From: "Guus Leeuw jr." <guus.leeuw at guusleeuwit.com>
Subject: RE: SASL over LDAP don't work
To: "'NguyenHuynh'" <huynhnguyen at mikorn.com>,
<cyrus-sasl at lists.andrew.cmu.edu>
Message-ID: <00d201c83bc2$feeae400$fcc0ac00$@leeuw at guusleeuwit.com>
Content-Type: text/plain; charset="us-ascii"
Y'ello,
First of all, make sure to read the LDAP Admin Guide at www.openldap.org!
Then, make sure to double check with Turbo's KRB + SASL + OpenLDAP Howto at
www.bayour.com. (Forget about the KRB stuff there, he's got some very good
hints at testing the security install etc.)
As a general rule, you don't want LDAP to be your password database, instead
you want LDAP to use SASL to connect to something more useful like Kerberos
or RADIUS or a combination or something else. This is simply because LDAP is
not meant to be a password database, but rather an information store (as in:
the telephone book in your country doesn't list the PIN code for the
people's bank cards...).
If all else fails, you can always post the exact error you are getting,
increase debug levels all over the place, and make sure to cut and paste the
relevant log entries to the mailing list. A query akin to your own query will
not necessarily give any useful hints to other people as to why things would
fail in your particular situation.
Regards,
Guus
End of Cyrus-sasl Digest, Vol 29, Issue 6
*****************************************
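
Added example, not part of the original thread or of the Cyrus SASL code: a small Python sketch of how the posted ldap_filter expands for different login forms, assuming the %u, %U, %d, %r and %s token meanings documented in saslauthd's LDAP_SASLAUTHD file. The entry, the logins and the second filter (SPLIT) are constructed for illustration, and the matcher only handles a flat AND of equality tests.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, user, realm="", service="smtp"):
    """Expand %u, %U, %d, %r, %s and %% in an ldap_filter template."""
    local, _, domain = user.partition("@")
    # %d is the domain part of %u when present, otherwise the realm.
    tokens = {"u": user, "U": local, "d": domain or realm,
              "r": realm, "s": service}
    def substitute(match):
        key = match.group(1)
        return "%" if key == "%" else escape_filter_value(tokens[key])
    return re.sub(r"%([uUdrs%])", substitute, template)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def entry_matches(filter_str, entry):
    """Evaluate a flat (&(attr=value)...) filter: equality tests only."""
    pairs = re.findall(r"\(([\w-]+)=([^()]*)\)", filter_str)
    return bool(pairs) and all(
        _unescape(value).lower() in [v.lower() for v in entry.get(attr.lower(), [])]
        for attr, value in pairs)

# Constructed entry carrying the attributes the posted filter tests.
ENTRY = {
    "objectclass": ["top", "person", "inetOrgPerson", "qmailUser"],
    "mail": ["alice@example.com"],
    "accountstatus": ["active"],
}
POSTED = "(&(objectClass=qmailUser)(mail=%u)(accountStatus=active))"
SPLIT = "(&(objectClass=qmailUser)(mail=%U@%d)(accountStatus=active))"

if __name__ == "__main__":
    for tmpl, user, realm in [(POSTED, "alice", "example.com"),
                              (POSTED, "alice@example.com", ""),
                              (SPLIT, "alice", "example.com"),
                              (POSTED, "*", "")]:
        flt = expand_filter(tmpl, user, realm)
        print(flt, "->", entry_matches(flt, ENTRY))
```

With a mail=%u filter, the entry is found only when the login that reaches the filter is the full mail address. A login of "*" is escaped to \2a and matches nothing instead of turning the test into a presence match.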