SASL LDAP authentication
Jackie Hunt
jackie at yuma.colostate.edu
Sun Sep 13 23:43:11 EDT 2009
Hi all,
I am trying to get authenticated SMTP running here on campus, and we are
wanting to authenticate against Active Directory. We are running
sendmail, and I've been able to get it to work using the UNIX password
file. However, I'm having trouble when I try to use ldap to authenticate.
I'm working on RedHat ES rel4 with cyrus-sasl 2.1.19. My first
question is whether or not cyrus-sasl-lib is required for this to work?
It's not installed on my test box. However, I tried another Linux
system we have that does have cyrus-sasl-lib installed, and things still
don't work. I know I'm missing something crucial, so any help would be
greatly appreciated.
When I run saslauthd -v I see:
saslauthd 2.1.19
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
So, I'm assuming it has everything it needs compiled in to do ldap
authentication.
I then edited the /etc/sysconfig/saslauthd file, and changed the
MECH=pam line to MECH=ldap.
Then I created a /etc/saslauthd.conf file with the contents:
ldap_servers: ldap://129.82.xxx.xxx/
ldap_bind_dn: cn=xxxxx,ou=xxxxxxxxxxx,dc=ColoState,dc=edu
ldap_password: xxxxxxxx
ldap_filter: (sAMAccountName=%u)
ldap_search_base: dc=colostate,dc=edu
ldap_auth_method: bind
Then I start saslauthd with the following command:
/usr/sbin/saslauthd -a ldap -d -O /etc/saslauthd.conf
Then I run a command to test it:
/usr/sbin/testsaslauthd -u jackie -p xxxxx
And the output I see is:
saslauthd[8045] :main : num_procs : 5
saslauthd[8045] :main : mech_option: /etc/saslauthd.conf
saslauthd[8045] :main : run_path : /var/run/saslauthd
saslauthd[8045] :main : auth_mech : ldap
saslauthd[8045] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[8045] :detach_tty : master pid is: 0
saslauthd[8045] :ipc_init : listening on socket: /var/run/saslauthd/mux
saslauthd[8045] :main : using process model
saslauthd[8046] :get_accept_lock : acquired accept lock
saslauthd[8045] :have_baby : forked child: 8046
saslauthd[8045] :have_baby : forked child: 8047
saslauthd[8045] :have_baby : forked child: 8048
saslauthd[8045] :have_baby : forked child: 8049
saslauthd[8046] :rel_accept_lock : released accept lock
saslauthd[8047] :get_accept_lock : acquired accept lock
saslauthd[8046] :do_auth : auth failure: [user=jackie] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
saslauthd[8046] :do_request : response: NO
saslauthd[8047] :rel_accept_lock : released accept lock
I don't see where it is trying to authenticate as the ldap_bind I
specified in the configuration file. Should it do that first?
I would really appreciate any help. I've been struggling with this for
several days.
Thanks so much!
Jackie Hunt
Colorado State University
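As an added example (not code from the post above or from cyrus-sasl), here is a Python model of the search-then-bind flow that `ldap_auth_method: bind` performs, run against a constructed in-memory directory standing in for Active Directory. The entries, the service account `cn=svc-sasl,...`, the passwords and the server URL are made up; only the `%u`, `%r`, `%s` and `%%` tokens of saslauthd's filter syntax are modelled. It shows the two checks a practitioner wants on this path: the `%u` value is escaped per RFC 4515 before it enters the filter, and an empty user password is refused rather than sent as a simple bind, because LDAP (RFC 4513, section 5.1.2) treats an empty-password bind as an unauthenticated bind that succeeds without verifying any credential.

```python
"""Model of saslauthd's ldap_auth_method: bind (search, then bind as the
found DN). Example code, not cyrus-sasl's implementation."""
import re

# Constructed in-memory directory; DNs, accounts and passwords are made up.
DIRECTORY = {
    "cn=jackie,ou=people,dc=colostate,dc=edu": {
        "sAMAccountName": "jackie", "userPassword": "correct horse",
    },
    "cn=svc-sasl,ou=service,dc=colostate,dc=edu": {
        "sAMAccountName": "svc-sasl", "userPassword": "bind-secret",
    },
}

# Mirrors the shape of /etc/saslauthd.conf from the post; values are placeholders.
CONF = {
    "ldap_servers": "ldap://ldap.example.invalid/",
    "ldap_bind_dn": "cn=svc-sasl,ou=service,dc=colostate,dc=edu",
    "ldap_password": "bind-secret",
    "ldap_filter": "(sAMAccountName=%u)",
    "ldap_search_base": "dc=colostate,dc=edu",
    "ldap_auth_method": "bind",
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a username must not be able to change the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def expand_filter(template: str, user: str, realm: str = "",
                  service: str = "") -> str:
    """Expand saslauthd-style tokens %u, %r, %s and %% (others not modelled)."""
    mapping = {
        "u": escape_filter_value(user),
        "r": escape_filter_value(realm),
        "s": escape_filter_value(service),
        "%": "%",
    }

    def sub(m):
        key = m.group(1)
        if key not in mapping:
            raise ValueError("unsupported token %%%s" % key)
        return mapping[key]

    return re.sub(r"%(.)", sub, template)


_EQUALITY = re.compile(r"^\((\w+)=([^()]*)\)$")


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def search(base: str, flt: str) -> list:
    """Minimal equality-filter search over the constructed directory.
    DN matching is case-insensitive, as in a real directory."""
    m = _EQUALITY.match(flt)
    if not m:
        raise ValueError("unsupported filter: %s" % flt)
    attr, want = m.group(1), _unescape(m.group(2))
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base.lower()) and attrs.get(attr) == want]


def simple_bind(dn: str, password: str) -> bool:
    """Model of LDAP simple bind. An empty password is an unauthenticated
    bind (RFC 4513 5.1.2): the server reports success without checking a
    credential, so it must never count as proof of the user's identity."""
    if password == "":
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password


def saslauthd_ldap_bind(conf: dict, user: str, password: str,
                        realm: str = "", service: str = "imap") -> str:
    """Search-then-bind as ldap_auth_method: bind does; returns "OK" or "NO"."""
    # 1. Bind as the service account named by ldap_bind_dn / ldap_password.
    if not simple_bind(conf["ldap_bind_dn"], conf["ldap_password"]):
        return "NO"  # configuration problem, not a bad user password
    # 2. Find the user's DN with the expanded ldap_filter under ldap_search_base.
    flt = expand_filter(conf["ldap_filter"], user, realm, service)
    hits = search(conf["ldap_search_base"], flt)
    if len(hits) != 1:
        return "NO"  # no match, or ambiguous match
    # 3. Bind as the found DN with the password the user supplied.
    return "OK" if simple_bind(hits[0], password) else "NO"


if __name__ == "__main__":
    print("jackie / right password:", saslauthd_ldap_bind(CONF, "jackie", "correct horse"))
    print("jackie / empty password:", saslauthd_ldap_bind(CONF, "jackie", ""))
    print("unknown user:", saslauthd_ldap_bind(CONF, "nobody", "x"))
```

In the model a service-account bind failure and a user bind failure both surface as a bare NO, which is why checking the `ldap_bind_dn` credentials on their own (for example with `ldapsearch` from the same host) is the first thing to rule out before looking at the user filter.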