saslauthd + ldap configuration

George Forman georgeforman69 at hotmail.com
Thu Apr 24 14:17:08 EDT 2008


Hi,

Ultimately, I need to get postfix + saslauthd using ldap for authentication.

Right now I am unable to get my saslauthd daemon to connect to my ldap server to do the bind for password authentication.

I'm getting the following error:
 ./saslauthd -a ldap -m /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state -O /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/etc/saslauthd.conf -d
saslauthd[16688] :main            : num_procs  : 5
saslauthd[16688] :main            : mech_option: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/etc/saslauthd.conf
saslauthd[16688] :main            : run_path   : /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state
saslauthd[16688] :main            : auth_mech  : ldap
saslauthd[16688] :ipc_init        : using accept lock file: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux.accept
saslauthd[16688] :detach_tty      : master pid is: 0
saslauthd[16688] :ipc_init        : listening on socket: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux
saslauthd[16688] :main            : using process model
saslauthd[16689] :get_accept_lock : acquired accept lock
saslauthd[16688] :have_baby       : forked child: 16689
saslauthd[16688] :have_baby       : forked child: 16690
saslauthd[16688] :have_baby       : forked child: 16691
saslauthd[16688] :have_baby       : forked child: 16692



saslauthd[16689] :rel_accept_lock : released accept lock
saslauthd[16690] :get_accept_lock : acquired accept lock
saslauthd[16689] :do_auth         : auth failure: [user=myuser] [service=imap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
saslauthd[16689] :do_request      : response: NO
saslauthd[16690] :rel_accept_lock : released accept lock
saslauthd[16690] :do_auth         : auth failure: [user=myuser] [service=imap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
saslauthd[16690] :do_request      : response: NO
saslauthd[16688] :get_accept_lock : acquired accept lock
saslauthd[16688] :rel_accept_lock : released accept lock
saslauthd[16690] :get_accept_lock : acquired accept lock
saslauthd[16688] :do_auth         : auth failure: [user=myuser] [service=ldap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
saslauthd[16688] :do_request      : response: NO


/var/log/messages:
Apr 24 09:10:34 brutus2 saslauthd[16688]: rel_accept_lock : released accept lock
Apr 24 09:10:34 brutus2 saslauthd[16688]: rel_accept_lock : released accept lock
Apr 24 09:10:34 brutus2 saslauthd[16690]: get_accept_lock : acquired accept lock
Apr 24 09:10:34 brutus2 saslauthd[16690]: get_accept_lock : acquired accept lock
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: Retrying authentication
Apr 24 09:10:34 brutus2 saslauthd[16688]: Retrying authentication
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: ldap_simple_bind() failed -1 (Can't contact LDAP server).
Apr 24 09:10:34 brutus2 saslauthd[16688]: Authentication failed for myuser/mydomain.com: Retry condition (ldap server connection reset or broken) (-3)
Apr 24 09:10:34 brutus2 saslauthd[16688]: Authentication failed for myuser/mydomain.com: Retry condition (ldap server connection reset or broken) (-3)
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_auth         : auth failure: [user=myuser] [service=ldap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_auth         : auth failure: [user=myuser] [service=ldap] [realm=mydomain.com] [mech=ldap] [reason=Unknown]
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_request      : response: NO
Apr 24 09:10:34 brutus2 saslauthd[16688]: do_request      : response: NO
Apr 24 14:05:27 brutus2 saslauthd[16689]: server_exit     : child exited: 16689
Apr 24 14:05:27 brutus2 saslauthd[16689]: server_exit     : child exited: 16689
Apr 24 14:05:27 brutus2 saslauthd[16688]: server_exit     : pid file lock removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/saslauthd.pid.lock
Apr 24 14:05:27 brutus2 saslauthd[16688]: server_exit     : pid file lock removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/saslauthd.pid.lock
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup     : accept lock file removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux.accept
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup     : accept lock file removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux.accept
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup     : socket removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux
Apr 24 14:05:27 brutus2 saslauthd[16688]: ipc_cleanup     : socket removed: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux



I am using testsaslauthd to do my connection:
 ./testsaslauthd -f /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state/mux -u myuser -r mydomain.com -p test123 -s ldap
0: NO "authentication failed"


My config file: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/etc/saslauthd.conf

ldap_server: ldap://myhost.mydomain.com:4389
ldap_bind_dn: "uid=%u,ou=people"
ldap_auth_method: bind 
ldap_verbose: on 
ldap_debug: 10
ldap_version: 3
ldap_ssl: no 
ldap_start_tls: no 
#sasl_pwcheck_method:ldap
sasl_saslauthd_path: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state


I can run ldapsearch successfully against my zimbra ldap server. 
I am not sure my saslauthd.conf file is correctly configured. Secondly, I can't seem to get saslauthd to do more robust logging.

Any help is greatly appreciated.






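A small config-review helper, added here as an example rather than anything from the post or the cyrus-sasl project: it parses the saslauthd.conf keys shown above (a constructed copy is embedded so it runs offline), reports that a bind-mode password check will travel over cleartext LDAP when ldap_ssl and ldap_start_tls are both off, and offers a TCP probe for the "Can't contact LDAP server" failure. The directory-suffix check on ldap_bind_dn is a heuristic of mine, not a rule from the LDAP_SASLAUTHD documentation.

```python
"""Review the LDAP settings in a saslauthd.conf and probe the configured server."""
import socket
from urllib.parse import urlsplit

# Constructed sample mirroring the configuration quoted in the post.
SAMPLE_CONF = """\
ldap_server: ldap://myhost.mydomain.com:4389
ldap_bind_dn: "uid=%u,ou=people"
ldap_auth_method: bind
ldap_verbose: on
ldap_debug: 10
ldap_version: 3
ldap_ssl: no
ldap_start_tls: no
#sasl_pwcheck_method:ldap
sasl_saslauthd_path: /opt/zimbra/cyrus-sasl-2.1.22.ZIMBRA/state
"""

def parse_conf(text):
    """Parse 'key: value' lines; comments and blank lines are skipped, quotes stripped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip().strip('"')
    return conf

def lint(conf):
    """Return findings a reviewer would raise about these LDAP authentication settings."""
    findings = []
    url = urlsplit(conf.get("ldap_server", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("ldap_server must be an ldap:// or ldaps:// URL naming a host")
    # Heuristic: a DN that never reaches a dc=/o=/c= naming context is usually incomplete.
    dn = conf.get("ldap_bind_dn", "")
    types = [rdn.split("=", 1)[0].strip().lower() for rdn in dn.split(",") if "=" in rdn]
    if dn and not any(t in ("dc", "o", "c") for t in types):
        findings.append("ldap_bind_dn has no directory suffix (dc=/o=/c=); check it is a full DN")
    if url.scheme == "ldap" and conf.get("ldap_ssl", "no") == "no" \
            and conf.get("ldap_start_tls", "no") == "no":
        findings.append("bind sends user passwords in cleartext: set ldap_start_tls or use ldaps://")
    return findings

def tcp_reachable(conf, timeout=3.0):
    """Connectivity check for 'Can't contact LDAP server': can we open host:port at all?"""
    url = urlsplit(conf["ldap_server"])
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    try:
        with socket.create_connection((url.hostname, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for finding in lint(parse_conf(SAMPLE_CONF)):
        print("finding:", finding)
```

Run it against the real file with `parse_conf(open(path).read())`; `tcp_reachable` needs network access to the LDAP host, so call it from the saslauthd machine itself.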

