saslauthd with ldap directory as backend
Patrick Ben Koetter
p at state-of-mind.de
Mon Jan 25 13:21:58 EST 2010
* Eric Belhomme <eric.belhomme at eve-team.com>:
> I'm a newbie with sasl and I'm very confused by the way it works... I googled
> for hours and RTFMed online docs and my Debian /usr/share/doc
> directories... But I still find SASL very obscure!
> So I'm going to ask for some help here, hoping someone will be able to
> help me understand what I'm doing!
> * What I have ?
> - 3 Debian Lenny servers, with running OpenLDAP directory for user and
> passwords authentication,
> - a postfix server, with virtual users from the LDAP directory
> - a dovecot server, with virtual users from the LDAP directory
> * What I want to do ?
> - enable SASL auth for postfix
> - migrate from dovecot to cyrus Imapd+Murder
> - enable SASL auth for cyrus imapd and murder, using my LDAP directory
> * What I did :
> installing saslauthd with this config :
Are the passwords in your directory encrypted or are they plaintext?
> ldap_servers: ldap://127.0.0.1/
> ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
> ldap_bind_pw: ***passwd***
> ldap_filter: (&(uid=%u)(objectClass=evePerson))
> ldap_search_base: ou=People,dc=eve-team,dc=com
> ldap_scope: one
> Then I started saslauthd daemon like this :
> /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d
> Finally, I tried to test the auth with test tools :
> Both slapd and saslauthd are started as debug processes, and nothing
> happens! It's like the sasl-sample-server tools don't even try to
> connect to the saslauthd daemon!
Quite likely you don't have a /etc/sasl/sample.conf telling sasl-sample-server
to use saslauthd.
Take a look at /var/log/auth.log.
Also start saslauthd from the command line with an additional "-d". It will stay
attached to your shell and you will be able to see debug output.
p at rick
> I'm pretty sure I missed some important things in the knowledge of sasl
> mechs but as I'm not a specialist it actually looks to me like...
> voodoo or something like that ;)
> thanks for your help,
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
saslfinger (debugging SMTP AUTH):
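
The checks suggested in the reply above can be scripted. This is an added example, not part of the original message or of Cyrus SASL; the function names are hypothetical, the paths are the ones quoted in the thread, and it assumes the `testsaslauthd` tool shipped with cyrus-sasl is installed.

```shell
#!/bin/sh
# Added example: the checks suggested in the reply, written as functions.
# Function names are hypothetical; paths are the ones quoted in the thread.
SAMPLE_CONF="${SAMPLE_CONF:-/etc/sasl/sample.conf}"  # path named in the reply
MUX_DIR="${MUX_DIR:-/var/run/saslauthd}"              # -m argument in the post
AUTH_LOG="${AUTH_LOG:-/var/log/auth.log}"

# Print the value of "key: value" from a Cyrus SASL application config.
# Returns 2 if the file cannot be read; reports the last occurrence of the key.
sasl_conf_get() {  # $1=file $2=key
    [ -r "$1" ] || return 2
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1
}

# 0 if pwcheck_method (a space-separated list) includes saslauthd,
# 1 if it does not, 2 if the config file is missing or unreadable.
uses_saslauthd() {  # $1=file
    val=$(sasl_conf_get "$1" pwcheck_method) || return 2
    case " $val " in
        *" saslauthd "*) return 0 ;;
        *) return 1 ;;
    esac
}

diagnose() {
    rc=0; uses_saslauthd "$SAMPLE_CONF" || rc=$?
    case $rc in
        0) echo "ok: $SAMPLE_CONF hands password checks to saslauthd" ;;
        1) echo "fix: $SAMPLE_CONF lacks 'pwcheck_method: saslauthd'" ;;
        2) echo "fix: $SAMPLE_CONF is missing or unreadable" ;;
    esac
    # saslauthd -m DIR listens on DIR/mux; clients must use the same path.
    if [ -S "$MUX_DIR/mux" ]; then
        echo "ok: socket $MUX_DIR/mux exists"
    else
        echo "fix: no socket at $MUX_DIR/mux; is saslauthd running with -m $MUX_DIR?"
    fi
    # Recent SASL-related lines from the log the reply points to.
    [ -r "$AUTH_LOG" ] && grep -i sasl "$AUTH_LOG" | tail -n 20
    # To query the daemon directly, bypassing the sample tools:
    echo "next: testsaslauthd -u USER -p PASSWORD -f $MUX_DIR/mux"
}

# Run the checks only when asked, so the file can also be sourced.
case "${1:-}" in run) diagnose ;; esac
```

Invoke the script with `run` as its first argument. `testsaslauthd` takes the password on the command line, where other local users can see it in the process list, so use a throwaway test account.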