multiple instances of saslauthd

Dan White dwhite at olp.net
Mon Mar 22 18:37:26 EDT 2010


On 22/03/10 17:26 +0000, Purahoo, Krishan wrote:
> Hi all,
>         I am trying to authenticate against multiple Active Directory
> servers from openldap.
>
> I have started multiple (two) saslauthd servers and can use
> testsaslauthd to successfully authenticate against any of
> my two AD (Active Directory) servers.
>
> I start my two saslauthd servers, as
>
>
> saslauthd -m /var/run/saslauthda -a ldap -O /etc/saslauthd_a.conf -r
> saslauthd -m /var/run/saslauthdb -a ldap -O /etc/saslauthd_b.conf -r
>
> Using testsaslauthd, as follows works OK
>
> testsaslauthd -f /var/run/saslauthd_a/mux -u joe at example_1.com -p xxx
>
> testsaslauthd -f /var/run/saslauthd_b/mux -u jill at example_2.com -p xxx
>
>
> I can't seem to be able to configure openldap to authenticate against
> both AD servers. I can authenticate against one at a time.
>
> When I configure /etc/sasl2/slapd.conf with the following lines
>
> mech_list: plain
> pwcheck_method: saslauthd
> saslauthd_path: /var/run/saslauth_a/mux

I'm not aware of a way to reference two saslauthd paths that way.

The ldap_servers parameter in the saslauthd ldap config accepts multiple
ldap servers, but I assume that doesn't work the way you need it to.

You can have multiple pwcheck_methods, which should work, but isn't a very
clean solution.

For authentication to the first server, you could use saslauthd, and for
authentication to the second server, you could do one of:

   auxprop using the giengerldap plugin - ldapdb probably won't work with
   Active Directory:
   (http://southbrain.com/south/2008/06/writing-a-cyrus-sasl-ldap-auxp.html)

   authdaemon (courier) using its PAM config, which in turn uses one of
   pamldap/nssldap/nssov/nss-ldapd (I'm not sure which of these may work with
   Active Directory)

-- 
Dan White
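As an added illustration of the "multiple pwcheck_methods" option from the reply above (a constructed example, not a configuration from this thread or from the Cyrus SASL project): libsasl tries each listed method until one accepts the credentials, so a single slapd.conf can keep one saslauthd socket for the first AD server and hand the remaining accounts to an LDAP auxprop plugin. The auxprop plugin name is a placeholder, since it depends on which plugin is installed.

```text
# /etc/sasl2/slapd.conf  (constructed example; only one saslauthd_path can be given)
mech_list: plain

# Each listed method is tried until one accepts the credentials; a user that
# saslauthd rejects can still be accepted by the auxprop plugin.
pwcheck_method: saslauthd auxprop

# First AD server: the saslauthd instance started with -m /var/run/saslauthd_a
saslauthd_path: /var/run/saslauthd_a/mux

# Second AD server: LDAP auxprop plugin (placeholder name, set to the plugin
# actually installed; ldapdb is unlikely to work against Active Directory).
auxprop_plugin: LDAP_AUXPROP_PLUGIN_PLACEHOLDER
```

Verify each method separately before combining them: testsaslauthd against the socket for the first server, and a PLAIN bind through slapd for an account that only exists on the second.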


More information about the Cyrus-sasl mailing list