saslauthd : ldaps with Active Directory not working
Dan White
dwhite at olp.net
Fri Mar 26 22:50:26 EDT 2010
On 25/03/10 11:03 +0100, MEURISSE CLAUDE wrote:
>The configuration works fine when I use LDAP between Cyrus SASLAUTHD and Active Directory.
>As soon as I turn on LDAPS in the saslauthd.conf, I receive an auth failure (invalid credentials):
>
>saslauthd[12276] :rel_accept_lock : released accept lock
>saslauthd[12277] :get_accept_lock : acquired accept lock
>saslauthd[12276] :do_auth : auth failure: [user=myuser at luinternal.subsidiary.bank] [service=ldap] [realm=internal.subsidiary.bank] [mech=ldap] [reason=Unknown]
>saslauthd[12276] :do_request : response: NO
>
>I can successfully bind in LDAPS with a standard LDAP client (like LDAP Browser/Editor 2.8.2 from Jarek Gawor)
>
>Here is my saslauthd.conf :
>
>ldap_servers: ldaps://internal.subsidiary.bank/
>ldap_search_base: OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank
>ldap_filter: (userPrincipalName=%u)
>
>ldap_bind_dn: CN=myuser,OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank
>ldap_password: secret
>ldap_tls_cacert_file: /tmp/cert.pem
Assuming you have compiled your saslauthd against the openldap library, you
can use ldapsearch to simulate the binds, with debugging set - assuming
LDAP_DEBUG was enabled during openldap compile:
echo "TLS_CACERT /tmp/cert.pem" >> ~/.ldaprc
ldapsearch -d -1 -x -H ldaps://internal.subsidiary.bank/ \
  -D "CN=myuser,OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank" \
  -w secret \
  -b "OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank" \
  "(userPrincipalName=myuser@luinternal.subsidiary.bank)"
And then does saslauthd rebind using the user's DN and password? I'm not
sure.
--
Dan White
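An added example, not part of the thread and not saslauthd's own code: a small pre-flight checker for the saslauthd.conf format quoted above. It parses the key: value lines, flags the TLS settings a defender would want checked before chasing an "invalid credentials" failure (a cleartext ldap:// bind, a missing or unloadable ldap_tls_cacert_file, a CA file that others can overwrite, and ldap_tls_check_peer left at its default), and builds the ldapsearch invocation Dan describes so the search bind can be reproduced by hand. The sample configuration is constructed from the one in the post; ldap_start_tls and ldap_tls_check_peer are saslauthd options the post does not set and are assumed here to default to "no"; the %u substitution and RFC 4515 filter escaping are this example's own, not a copy of saslauthd's implementation.

```python
"""Pre-flight check for a saslauthd LDAP/LDAPS configuration (added example)."""
import os
import shlex
import ssl
from urllib.parse import urlsplit

# Constructed sample mirroring the configuration quoted in the thread.
SAMPLE_CONF = """\
ldap_servers: ldaps://internal.subsidiary.bank/
ldap_search_base: OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank
ldap_filter: (userPrincipalName=%u)

ldap_bind_dn: CN=myuser,OU=Standard,OU=User_Accounts,DC=internal,DC=subsidiary,DC=bank
ldap_password: secret
ldap_tls_cacert_file: /tmp/cert.pem
"""


def parse_saslauthd_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        conf[key.strip()] = value.strip()
    return conf


def check_tls(conf):
    """Return a list of human-readable findings (empty list means none)."""
    problems = []
    servers = conf.get("ldap_servers", "").split()
    if not servers:
        problems.append("ldap_servers is not set")
    # ldap_start_tls is saslauthd's switch for STARTTLS on plain ldap:// URIs (assumed default: no)
    start_tls = conf.get("ldap_start_tls", "no").lower() == "yes"
    uses_tls = start_tls
    for uri in servers:
        scheme = urlsplit(uri).scheme.lower()
        if scheme == "ldaps":
            uses_tls = True
        elif scheme == "ldap":
            if not start_tls:
                problems.append(f"{uri}: cleartext bind, the bind password crosses the network unencrypted")
        else:
            problems.append(f"{uri}: unsupported URI scheme {scheme!r}")
    if not uses_tls:
        return problems
    # Without ldap_tls_check_peer the CA file is loaded but verification is not demanded (assumed default: no)
    if conf.get("ldap_tls_check_peer", "no").lower() != "yes":
        problems.append("ldap_tls_check_peer is not 'yes': the server certificate is not required to verify")
    cafile = conf.get("ldap_tls_cacert_file")
    if not cafile:
        problems.append("TLS enabled but ldap_tls_cacert_file is not set")
        return problems
    if not os.path.isfile(cafile):
        problems.append(f"ldap_tls_cacert_file {cafile} does not exist")
        return problems
    if os.stat(cafile).st_mode & 0o022:
        problems.append(f"{cafile} is group- or world-writable; the trust anchor could be replaced")
    try:
        # Load the file the way a TLS client would; rejects non-PEM or truncated data.
        ssl.create_default_context(cafile=cafile)
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"{cafile} is not a loadable CA bundle: {exc}")
    return problems


def ldap_filter_escape(value):
    """Escape RFC 4515 filter metacharacters so a username cannot alter the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)


def build_ldapsearch(conf, user, prompt_password=True):
    """Build the ldapsearch argv that reproduces saslauthd's search bind.

    -d -1 enables full client-library debugging and -x selects a simple bind.
    With prompt_password=True the password is requested interactively (-W)
    instead of appearing in argv, where `ps` would expose it.
    """
    uri = conf["ldap_servers"].split()[0]
    # saslauthd replaces %u with the username it was asked to authenticate
    ldap_filter = conf["ldap_filter"].replace("%u", ldap_filter_escape(user))
    argv = ["ldapsearch", "-d", "-1", "-x", "-H", uri, "-D", conf["ldap_bind_dn"]]
    argv += ["-W"] if prompt_password else ["-w", conf["ldap_password"]]
    argv += ["-b", conf["ldap_search_base"], ldap_filter]
    return argv


if __name__ == "__main__":
    conf = parse_saslauthd_conf(SAMPLE_CONF)
    for problem in check_tls(conf):
        print("finding:", problem)
    print(shlex.join(build_ldapsearch(conf, "myuser@internal.subsidiary.bank")))
```

Run it against the real saslauthd.conf (read the file instead of SAMPLE_CONF), fix any findings, then paste the printed command into a shell after adding the TLS_CACERT line to ~/.ldaprc as Dan suggests; the -d -1 output shows exactly where the TLS handshake or the bind fails.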