saslauthd with ldap directory as backend
Patrick Ben Koetter
p at state-of-mind.de
Mon Jan 25 13:21:58 EST 2010
Eric,
* Eric Belhomme <eric.belhomme at eve-team.com>:
> I'm a newbie with sasl and I'm very confused by the way it works... I googled
> for hours and RTFMed online docs and my Debian /usr/share/doc
> directories... But I still feel SASL very obscure !
> So I'm going to ask here some help, expecting someone will be able to
> let me understand what I do !
>
> * What I have ?
>
> - 3 Debian Lenny servers, with running OpenLDAP directory for user and
> passwords authentication,
> - a postfix server, with virtual users from the LDAP directory
> - a dovecot server, with virtual users from the LDAP directory
>
> * What I want to do ?
>
> - enable SASL auth for postfix
> - migrate from dovecot to cyrus Imapd+Murder
> - enable SASL auth for cyrus imapd and murder, using my LDAP directory
>
> * What I did :
>
> installing saslauthd with this config :

Are the passwords in your directory encrypted or are they plaintext?

> ldap_servers: ldap://127.0.0.1/
> ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
> ldap_bind_pw: ***passwd***
> ldap_filter: (&(uid=%u)(objectClass=evePerson))
> ldap_search_base: ou=People,dc=eve-team,dc=com
> ldap_scope: one
>
> Then I started saslauthd daemon like this :
>
> /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d
>
> Finally, I tried to test the auth with test tools :

Use testsaslauthd.

> Both slapd and saslauthd are started as debug processes, and nothing
> happens ! It's like the sasl-sample-server tools don't even try to
> connect the saslauthd daemon !

Quite likely you don't have a /etc/sasl/sample.conf telling sasl-sample-server
to use saslauthd.

Take a look at /var/log/auth.log.

Also start saslauthd from commandline with an additional "-d". It will keep
attached to your shell and you will be able to see debug output.

p at rick

>
> I'm pretty sure I missed some important things in the knowledge of sasl
> mechs but as I'm not a specialist it actually looks for me like...
> voodoo or something like that ;)
>
> thanks for your help,
>
> --
> Rico
--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
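
Added example, not part of the original message or of Cyrus SASL: a Python sketch that reads the saslauthd.conf quoted above and builds the equivalent ldapsearch call, so the bind DN, search base, scope and filter can be checked against the directory separately from saslauthd. It assumes only the %u, %U and %% filter tokens are used; the escaping shown is the example's own, and the login "rico" is a constructed sample.

```python
import shlex

# Constructed copy of the config quoted in the message (password masked as on the page).
SAMPLE_CONF = """\
ldap_servers: ldap://127.0.0.1/
ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
ldap_bind_pw: ***passwd***
ldap_filter: (&(uid=%u)(objectClass=evePerson))
ldap_search_base: ou=People,dc=eve-team,dc=com
ldap_scope: one
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            conf[key.strip()] = value.strip()
    return conf

def escape_filter_value(value):
    """Escape characters that are special inside an LDAP filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def expand_filter(template, login):
    """Substitute %u (full login) and %U (part before '@'); %% is a literal %."""
    subst = {"u": escape_filter_value(login),
             "U": escape_filter_value(login.split("@", 1)[0]), "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            out.append(subst.get(template[i + 1], template[i:i + 2]))
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def ldapsearch_argv(conf, login):
    """ldapsearch arguments mirroring the lookup; -W prompts for the bind password."""
    return ["ldapsearch", "-x", "-H", conf["ldap_servers"].split()[0],
            "-D", conf["ldap_bind_dn"], "-W", "-b", conf["ldap_search_base"],
            "-s", conf["ldap_scope"], expand_filter(conf["ldap_filter"], login), "dn"]

if __name__ == "__main__":
    print(shlex.join(ldapsearch_argv(parse_conf(SAMPLE_CONF), "rico")))
```

If the printed command returns no entry, or more than one, for a login, the filter, base or scope is the problem rather than the SASL layer.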