saslauthd with ldap directory as backend

Patrick Ben Koetter p at
Mon Jan 25 13:21:58 EST 2010


* Eric Belhomme <eric.belhomme at>:
> I'm newbie with sasl and I'm very confused the way it works... I googled
> for hours and RTFMed online docs and my Debian /usr/share/doc
> directories... But I still feel SASL very obscure !
> So I'm going to ask here some help, expecting someone will be able to
> let me understand what I do !
> * What I have ?
> - 3 Debian Lenny servers, with running OpenLDAP directory for user and
> passwords authentication,
> - a postfix server, with virtual users from the LDAP directory
> - a dovecot server, with virtual users from the LDAP directory
> * What I want to do ?
> - enable SASL auth for postfix
> - migrate from dovecot to cyrus Imapd+Murder
> - enable SASL auth for cyrus imapd and murder, using my LDAP directory
> * What I did :
> installing saslauthd with this config :

are the passwords in your directory encrypted or are they plaintext?

> ldap_servers: ldap://
> ldap_bind_dn: cn=saslauth,dc=eve-team,dc=com
> ldap_bind_pw: ***passwd***
> ldap_filter: (&(uid=%u)(objectClass=evePerson))
> ldap_search_base: ou=People,dc=eve-team,dc=com
> ldap_scope: one
> Then I started saslauthd daemon like this :
> /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -d
> Finally, I tried to test the auth with test tools :

Use testsaslauthd.

> Both slapd and saslauthd are stared as debug processes, and nothing
> happens ! It's like the sasl-sample-server tools don't even try to
> connect the saslauthd daemon !

Quite likely you don't have a /etc/sasl/sample.conf telling sasl-sample-server
to use saslauthd.

Take a look at /var/log/auth.log.

Also start saslauthd from commandline with an additional "-d". It will keep
attached to your shell and you will be able to see debug output.

p at rick

> I'm pretty sure I missed some important thinks in the knowledge of sasl
> mechs but as I'm not a specialist it actually looks for me like...
> voodoo or something like that ;)
> thanks for your help,
> -- 
> Rico

All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and

saslfinger (debugging SMTP AUTH):

More information about the Cyrus-sasl mailing list