sasl auth against Active Directory

Dan White dwhite at olp.net
Tue Mar 30 23:03:41 EDT 2010


On 30/03/10 18:16 +0200, Geoff wrote:
> I'm trying to set up sasl auth against ldap (Active Directory) to  
> authenticate subversion users.
>
> I set up the ldap mechanism and am testing it with testsaslauthd but I just
> can't get it working.
>
> I'm running Debian Lenny and saslauthd 2.1.22
>
> The error message logged is :
> Authentication failed for MYUSER: Bind to ldap server failed (invalid  
> user/password or insufficient access) (-7)
>
> Here are the settings :
> ---------------------------------------------------------------------------------
> ldap_servers: ldap://x.x.x.x/
> ldap_search_base: OU=Vibrateam,DC=domain,DC=ext
> #
> ldap_bind_dn: CN=AdminUser,OU=organisation,DC=domain,DC=ext
> ldap_bind_pw: secret
> #
> ldap_use_sasl: no
> ldap_start_tls: no
> ldap_version: 3
> ldap_auth_method: bind
> ldap_filter: (sAMAccountName=%u)
> ---------------------------------------------------------------------------------

I was able to configure saslauthd to work against a Windows 2003 Standard
Edition server with:

ldap_servers: ldap://192.0.2.1/
ldap_search_base: OU=Users,OU=BTC,DC=example,DC=com
#
ldap_bind_dn: Administrator@example.com
ldap_bind_pw: secret
#
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: (sAMAccountName=%u)

I had to play around a bit with an ldapsearch command to find out what
Active Directory wanted for a dn:

ldapsearch -x -H ldap://192.0.2.1 -D Administrator@example.com -w secret -b OU=Users,OU=BTC,dc=example,dc=com

-- 
Dan White
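
An added example, not part of the original message and not Cyrus SASL code: a small Python check over the saslauthd.conf settings quoted above. It reports which bind identity form is in use (full DN, UPN such as Administrator@example.com, or DOMAIN\user) and whether the simple bind goes over plain ldap:// without StartTLS, in which case ldap_bind_pw and each user's password cross the network unencrypted. The function names and the simplified yes/no parsing are assumptions of this example.

```python
import re

# Constructed sample: the working settings quoted in the message above.
SAMPLE_CONF = """\
ldap_servers: ldap://192.0.2.1/
ldap_search_base: OU=Users,OU=BTC,DC=example,DC=com
#
ldap_bind_dn: Administrator@example.com
ldap_bind_pw: secret
#
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: (sAMAccountName=%u)
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def bind_identity_form(identity):
    """Classify the bind identity as 'dn', 'upn', 'down-level' or 'unknown'."""
    if re.match(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*$", identity):
        return "dn"
    if re.match(r"^[^@\\\s]+@[^@\\\s]+$", identity):
        return "upn"
    if re.match(r"^[^@\\\s]+\\[^@\\\s]+$", identity):
        return "down-level"
    return "unknown"

def audit(conf):
    """Return findings for a parsed saslauthd LDAP configuration."""
    servers = conf.get("ldap_servers", "").split()
    start_tls = conf.get("ldap_start_tls", "no").lower() in ("yes", "on", "1", "true")
    plain = [s for s in servers if s.lower().startswith("ldap://")]
    findings = ["bind-identity: " + bind_identity_form(conf.get("ldap_bind_dn", ""))]
    if plain and not start_tls and conf.get("ldap_use_sasl", "no").lower() == "no":
        findings.append("cleartext-bind: " + " ".join(plain))
    return findings

if __name__ == "__main__":
    print(audit(parse_conf(SAMPLE_CONF)))
```

A cleartext-bind finding is cleared by pointing ldap_servers at an ldaps:// URL or setting ldap_start_tls: yes, with the directory server's CA configured for the LDAP client.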

