saslauthd + ldap configuration
George Forman
georgeforman69 at hotmail.com
Thu Apr 24 14:17:08 EDT 2008
Hi,
Ultimately, I need to get postfix + saslauthd using ldap for authentication.
Right now I am unable to get my saslauthd daemon to connect to my ldap server to do the bind for password authentication.
I'm getting the following error:
./saslauthd -a ldap -m /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state -O /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/etc/saslauthd.conf -d
saslauthd[16688] :main : num_procs : 5
saslauthd[16688] :main : mech_option: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/etc/saslauthd.conf
saslauthd[16688] :main : run_path : /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state
saslauthd[16688] :main : auth_mech : ldap
saslauthd[16688] :ipc_init : using accept lock file: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/m
.accept
saslauthd[16688] :detach_tty : master pid is: 0
saslauthd[16688] :ipc_init : listening on socket: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux
saslauthd[16688] :main : using process model
saslauthd[16689] :get_accept_lock : acquired accept lock
saslauthd[16688] :have_baby : forked child: 16689
saslauthd[16688] :have_baby : forked child: 16690
saslauthd[16688] :have_baby : forked child: 16691
saslauthd[16688] :have_baby : forked child: 16692
saslauthd[16689] :rel_accept_lock : released accept lock
saslauthd[16690] :get_accept_lock : acquired accept lock
saslauthd[16689] :do_auth : auth failure: [user=myuser] [service=imap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
saslauthd[16689] :do_request : response: NO
saslauthd[16690] :rel_accept_lock : released accept lock
saslauthd[16690] :do_auth : auth failure: [user=myuser] [service=imap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
saslauthd[16690] :do_request : response: NO
saslauthd[16688] :get_accept_lock : acquired accept lock
saslauthd[16688] :rel_accept_lock : released accept lock
saslauthd[16690] :get_accept_lock : acquired accept lock
saslauthd[16688] :do_auth : auth failure: [user=myuser] [service=ldap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
saslauthd[16688] :do_request : response: NO
/var/log/messages:
Apr 24 09:10:34 brutus2 saslauthd[16688]: rel_accept_lock : released accept lock
Apr 24 09:10:34 brutus2 saslauthd[16688]: rel_accept_lock : released accept lock
Apr 24 09:10:34 brutus2 saslauthd[16690]: get_accept_lock : acquired accept lock
Apr 24 09:10:34 brutus2 saslauthd[16690]: get_accept_lock : acquired accept lock
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: Retrying authentication
Apr 24 09:10:34 brutus2 saslauthd[16688]: Retrying authentication
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: Authentication failed for myuser/mydomain.com: Retry condition (ldap server connection reset or broken) (-3)
Apr 24 09:10:34 brutus2 saslauthd[16688]: Authentication failed for myuser/mydomain.com: Retry condition (ldap server connection reset or broken) (-3)
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_auth : auth failure: [user=myuser] [service=ldap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_auth : auth failure: [user=myuser] [service=ldap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_request : response: NO
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_request : response: NO
Apr 24 14:05:27 brutus2 saslauthd[16689]: server_exit : child exited: 16689
Apr 24 14:05:27 brutus2 saslauthd[16689]: server_exit : child exited: 16689
Apr 24 14:05:27 brutus2 saslauthd[16688]: server_exit : pid file lock removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/saslauthd.pid.lock
Apr 24 14:05:27 brutus2 saslauthd[16688]: server_exit : pid file lock removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/saslauthd.pid.lock
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup : accept lock file removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux.accept
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup : accept lock file removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux.accept
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup : socket removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup : socket removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux
I am using testsaslauthd to do my connection:
./testsaslauthd -f /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux -u myuser -r mydomain.com -p test123 -s ldap
0: NO "authentication failed"
My config file: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/etc/saslauthd.conf
ldap_server: ldap://myhost.mydomain.com:4389
ldap_bind_dn: "uid=%u,ou=people"
ldap_auth_method: bind
ldap_verbose: on
ldap_debug: 10
ldap_version: 3
ldap_ssl: no
ldap_start_tls: no
#sasl_pwcheck_method:ldap
sasl_saslauthd_path: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state
I can run ldapsearch successfully against my zimbra ldap server.
I am not sure my saslauthd.conf file is correctly configured. Secondly, I can't seem to get saslauthd to do more robust logging.
Any help is greatly appreciated.
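Added example (not part of the original post, and not cyrus-sasl code): a small linter that checks the option names in a saslauthd.conf against those in the LDAP_SASLAUTHD document shipped with cyrus-sasl, which names the server option ldap_servers with ldap://localhost/ as its default, and that flags a password bind over ldap:// without StartTLS. It is run here on the configuration quoted above. Assumptions: the KNOWN set is a subset recalled from that document and the accepted spellings of an enabled ldap_start_tls are a guess, so compare both with the copy in your installed version.

```python
import difflib

# Option names recalled from the LDAP_SASLAUTHD document shipped with cyrus-sasl.
# Assumption: a subset only; compare with the copy in your installed version.
KNOWN = {
    "ldap_servers", "ldap_bind_dn", "ldap_bind_pw", "ldap_password", "ldap_version",
    "ldap_search_base", "ldap_filter", "ldap_scope", "ldap_auth_method", "ldap_timeout",
    "ldap_start_tls", "ldap_tls_check_peer", "ldap_tls_cacert_file", "ldap_debug",
}
DEFAULT_SERVERS = "ldap://localhost/"  # documented default when ldap_servers is absent

# Constructed sample: the option lines quoted in the post above.
POSTED_CONF = """\
ldap_server: ldap://myhost.mydomain.com:4389
ldap_bind_dn: "uid=%u,ou=people"
ldap_auth_method: bind
ldap_verbose: on
ldap_debug: 10
ldap_version: 3
ldap_ssl: no
ldap_start_tls: no
#sasl_pwcheck_method:ldap
sasl_saslauthd_path: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state
"""

def lint(text):
    """Flag names outside KNOWN, a missing server list, and a cleartext bind."""
    opts, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):  # skip comments and blank lines
            opts[key.strip().lower()] = (n, value.strip().strip('"'))
    for key, (n, _) in opts.items():
        if key not in KNOWN:
            near = difflib.get_close_matches(key, sorted(KNOWN), n=1, cutoff=0.85)
            hint = f" (closest known name: {near[0]})" if near else ""
            findings.append(f"line {n}: {key} is not in the known-option list{hint}")
    if "ldap_servers" not in opts:
        findings.append(f"ldap_servers is not set; effective server is {DEFAULT_SERVERS}")
    servers = opts.get("ldap_servers", (0, DEFAULT_SERVERS))[1].split()
    # Assumed spellings of an enabled switch.
    start_tls = opts.get("ldap_start_tls", (0, "no"))[1].lower() in ("yes", "on", "1", "true")
    if not start_tls and any(s.lower().startswith("ldap://") for s in servers):
        findings.append("cleartext: password bind over ldap:// without StartTLS")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(POSTED_CONF)))
```

A name the linter does not know is only a prompt to check the installed LDAP_SASLAUTHD file, not proof that the option is invalid.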