saslauthd with ldap directory as backend

Eric Belhomme eric.belhomme at eve-team.com
Mon Jan 25 12:55:22 EST 2010 

Hi all,

I'm newbie with sasl and I'm very confused the way it works... I googled
for hours and RTFMed online docs and my Debian /usr/share/doc
directories... But I still feel SASL very obscure !
So I'm going to ask here some help, expecting someone will be able to
let me understand what I do !

* What I have ?

- 3 Debian Lenny servers, with running OpenLDAP directory for user and
passwords authentication,
- a postfix server, with virtual users from the LDAP directory
- a dovecot server, with virtual users from the LDAP directory

* What I want to do ?

- enable SASL auth for postfix
- migrate from dovecot to cyrus Imapd+Murder
- enable SASL auth for cyrus imapd and murder, using my LDAP directory

* What I did :

installing saslauthd with this config :

ldap_servers: ldap://127.0.0.1/
ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
ldap_bind_pw: ***passwd***
ldap_filter: (&(uid=%u)(objectClass=evePerson))
ldap_search_base: ou=People,dc=eve-team,dc=com
ldap_scope: one

Then I started saslauthd daemon like this :

/usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d

Finally, I tried to test the auth with test tools :

On a shell :
cyrus:~# sasl-sample-server -s host -p /usr/lib/sasl2 
Generating client mechanism list...
Sending list of 6 mechanism(s)
S: TE9HSU4gRElHRVNULU1ENSBQTEFJTiBDUkFNLU1ENSBOVExNIEFOT05ZTU9VUw==
Waiting for client mechanism...

On another shell :
sasl-sample-client -s host -p /usr/lib/sasl2 -n cyrus -u rico
service=host
Waiting for mechanism list from server...
TE9HSU4gRElHRVNULU1ENSBQTEFJTiBDUkFNLU1ENSBOVExNIEFOT05ZTU9VUw==sasl-sample-client: Unable to parse input


Both slapd and saslauthd are stared as debug processes, and nothing
happens ! It's like the sasl-sample-server tools don't even try to
connect the saslauthd daemon !

I'm pretty sure I missed some important thinks in the knowledge of sasl
mechs but as I'm not a specialist it actually looks for me like...
voodoo or something like that ;)

thanks for your help,

-- 
Rico
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5335 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20100125/59c840a9/attachment.bin

More information about the Cyrus-sasl mailing list