OpenLDAP and cyrus-sasl authentication

james tan jamestan_98 at hotmail.com
Thu Sep 6 00:31:17 EDT 2007


Hi,

Version
LDAP openldap-2.3.27
cyrus-sasl-2.1.22

I have been trying to figure out what is happening but have failed for the last 
few days.  I am sorry for the long email, where I tried the various debug 
outputs.  I just wonder where it goes wrong?
I already have my LDAP user created in ldbm; do I need anything like sasldb2 
again?  I am lost! :(

I tried this but it failed.

./testsaslauthd -u tancentos2@domain.com -p mypasswd

saslauthd[6118] :do_auth         : auth failure: 
[user=tancentos2@domain.com] [service=imap] [realm=] [mech=ldap] 
[reason=Unknown]
saslauthd[6118] :do_request      : response: NO

The following is my configuration in saslauthd.conf:
ldap_servers: ldap://127.0.0.1
ldap_search_base: o=hosting,dc=example,dc=tld
ldap_filter: (&(objectClass=VirtualMailAccount)(mail=%u@%r))
ldap_bind_dn: cn=cyrus,dc=example,dc=tld
ldap_password: secret
ldap_auth_method: bind
ldap_start_tls: no


I tried to debug with OpenLDAP and got the following, but I noticed that 
tancentos2@domain.com is not passed to LDAP, although the binding looks OK?

connection_get(13): got connid=1
connection_read(13): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
ber_get_next
ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>>dnPrettyNormal: <cn=cyrus,dc=example,dc=tld>
<<< dnPrettyNormal: <cn=cyrus,dc=example,dc=tld>, 
<cn=cyrus,dc=example,dc=tld>
do_bind: version=3 dn="cn=cyrus,dc=example,dc=tld" method=128
dn2entry_r: dn: "cn=cyrus,dc=example,dc=tld"
=> dn2id( "cn=cyrus,dc=example,dc=tld" )
====> cache_find_entry_ndn2id("cn=cyrus,dc=example,dc=tld"): 34 (1 tries)
<= dn2id 34 (in cache)
=> id2entry_r( 34 )
====> cache_find_entry_id( 34 ) "cn=cyrus,dc=example,dc=tld" (found) (1 
tries)
<= id2entry_r( 34 ) 0x8b1ca98 (cache)
====> cache_return_entry_r( 34 ): returned (0)
send_ldap_result: conn=1 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=49
ber_flush: 14 bytes to sd 13

Then, I tried
ldapsearch -LLL -s sub -v -x "(mail=tancentos2@domain.com)" -b "o=hosting,dc=example,dc=tld" cn sn
and it returns the cn and sn.
If I take away the "-x", then the problem comes.  The following is the debug 
output from LDAP:
SASL [conn=2] Debug: DIGEST-MD5 server step 2
slap_sasl_getdn: u:id converted to uid=root,cn=DIGEST-MD5,cn=auth
>>>dnNormalize: <uid=root,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=root,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=root,cn=digest-md5,cn=auth to a DN
slap_authz_regexp: converting SASL name uid=root,cn=digest-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL [conn=2] Error: unable to open Berkeley db /etc/sasldb2: No such file 
or directory

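The ldap_filter line in saslauthd.conf is a template: saslauthd expands %-tokens with the user name and realm it was given, searches with the service bind DN, and (with ldap_auth_method: bind) then binds as the entry it finds using the user's password. The small checker below is an added example written for this page, not code from the original post or from the cyrus-sasl project. It renders a template the way the daemon would for a given user/realm pair, escapes the substituted values per RFC 4515 so that filter metacharacters in a user name cannot change the query's meaning, and reports two configuration mistakes that are easy to miss by eye: unbalanced parentheses, and a token such as %r that expands to an empty string because no realm was passed. The token subset (%u, %r, %U, %d, %%) is my reading of saslauthd's LDAP_SASLAUTHD notes and is an assumption; the daemon supports more tokens than are handled here. All input values are constructed for the example.

```python
import re

# Subset of saslauthd's ldap_filter tokens (assumption: this example handles
# only these four plus %%; the daemon documents more).
#   %u  the full user name as passed to saslauthd
#   %r  the realm as passed to saslauthd ('' when none was given)
#   %U  the part of the user name before '@'
#   %d  the part of the user name after '@'
TOKEN_RE = re.compile(r'%([urUd%])')


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515 s.3)."""
    out = []
    for ch in value:
        if ch in '*()\\\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def split_user(user):
    """Return (local part, domain) of a user name; domain is '' without '@'."""
    if '@' in user:
        return tuple(user.split('@', 1))
    return user, ''


def _token_values(user, realm):
    local, domain = split_user(user)
    return {'u': user, 'r': realm, 'U': local, 'd': domain}


def render_filter(template, user, realm=''):
    """Expand the %-tokens in an ldap_filter template with escaped values."""
    values = _token_values(user, realm)

    def substitute(match):
        key = match.group(1)
        if key == '%':
            return '%'
        return escape_filter_value(values[key])

    return TOKEN_RE.sub(substitute, template)


def parens_balanced(text):
    """True if every '(' is closed by a later ')' and nothing closes early."""
    depth = 0
    for ch in text:
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def check_filter(template, user, realm=''):
    """Render the template and return (rendered filter, list of problems)."""
    problems = []
    if not parens_balanced(template):
        problems.append('unbalanced parentheses in ldap_filter')
    values = _token_values(user, realm)
    for key in sorted(set(TOKEN_RE.findall(template))):
        if key != '%' and values[key] == '':
            problems.append('%%%s expands to an empty string for this input' % key)
    return render_filter(template, user, realm), problems


if __name__ == '__main__':
    # Constructed inputs: a filter with one ')' too many and a %r token,
    # run for a user that carries its domain in the name and no realm.
    cases = [
        ('(&(objectClass=VirtualMailAccount)(mail=%u@%r)))', 'tancentos2@domain.com', ''),
        ('(&(objectClass=VirtualMailAccount)(mail=%u))', 'tancentos2@domain.com', ''),
        ('(mail=%U@%d)', 'tancentos2@domain.com', ''),
        ('(mail=%u)', '*)(uid=*', ''),   # metacharacters in the user name
    ]
    for template, user, realm in cases:
        rendered, problems = check_filter(template, user, realm)
        print(rendered)
        for p in problems:
            print('  problem:', p)
```

Running the script shows that `mail=%u@%r` with an empty realm produces a value ending in `@` that matches no entry, while `mail=%u` (or `%U@%d`) yields the address the ldapsearch with `-x` found. The last case shows the escaped form `(mail=\2a\29\28uid=\2a)`, which is why the substitution must escape rather than paste raw input. Separately, the slapd trace above reports `tag=97 err=49` for the bind of `cn=cyrus,dc=example,dc=tld`: tag 97 is a BindResponse and result code 49 is invalidCredentials, so that message concerns the ldap_bind_dn/ldap_password pair, not the user's password, and no filter would be sent until that bind succeeds.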