problems sasl not create database sasl.db

spiderslack spiderslack at yahoo.com.br
Fri Oct 15 14:17:54 EDT 2010


On 09/07/2010 05:51 PM, Dan White wrote:
> On 07/09/10 16:59 -0400, spiderslack wrote:
>>> That's an unusual location for the sasldb file. Did you compile sasl? If
>>> so, which options did you pass to configure, and which version are you
>>> using?
>>
>> I compiled the sasl'm using Mandriva and installed the package via urpmi.
>>
>> But I found that the package does not provide support for Mandriva
>> sasldb as the command below.
>>
>> [root@localhost ~]# saslauthd -v
>> saslauthd 2.1.23
>> authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
>
> saslauthd is not the preferred interface to sasldb, and in fact is disabled
> by default. You'd have to recompile saslauthd to get it.
>
> The preferred method is to specify 'pwcheck_method: auxprop', and
> 'auxprop_plugin: sasldb' within your application SASL config file.
>
>> Changed the variable SASL_AUTHMECH to "ldap" in the file
>> /etc/sysconfig/saslauthd.
>
> Are you abandoning sasldb?
>

Yes, I am using auxprop ldap.

>> After that I tried to access via testsaslauthd and ran track, but the
>> ldapsearch command does not work. Below are the configuration files and
>> the sasl command output.
>>
>> Any idea where I might be wrong? I thank you.
>>
>>
>> cat /etc/saslauthd.conf
>> ldap_servers: ldap://127.0.0.1
>> ldap_port: 389
>> ldap_version: 3
>> ldap_referrals: no
>> ldap_search_base: dc=exemplo,dc=com,dc=br
>> ldap_auth_method: bind
>>
>>
>> [root@localhost ~]# testsaslauthd -u user -p 123456
>> 0: OK "Success."
>> [root@localhost ~]#
>>
>>
>> [root@localhost ~]# ldapsearch -LLL -Y DIGEST-MD5 -U user cn=benjamin cn
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>    additional info: SASL(-13): user not found: no secret in database
>> [root@localhost ~]#
>
> You're doing two different things there.
>
> saslauthd, with your configuration, is doing, roughly:
>
> ldapsearch -x -b "dc=exemplo,dc=com,dc=br" -H "ldap://127.0.0.1" \
>   uid=user dn
>   (anonymous bind)
> and given the $dn that is returned:
> ldapwhoami -x -b "dc=exemplo,dc=com,dc=br" -H "ldap://127.0.0.1" \
>   -D "$dn" -w 123456
>

Thanks, this worked. I use it this way.

Regards.
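
The two checks contrasted in the thread, as an added illustration that is not part of the original messages and is not Cyrus SASL or OpenLDAP code: a search-then-bind check only needs the password the client presents, while a DIGEST-MD5 response (RFC 2831) can only be verified by a server that holds the shared secret. The directory entry, salt, realm, nonces and all function names are constructed for the example.

```python
import hashlib
import hmac

def _h(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_response(user, realm, password, nonce, cnonce, uri,
                        nc="00000001", qop="auth"):
    """RFC 2831 response value: computable only from the plaintext password
    (or the derived H(user:realm:password)), never from a bind result."""
    a1 = _h(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    ha1 = _h(a1).hex()
    ha2 = _h(f"AUTHENTICATE:{uri}".encode()).hex()
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hex()

# Constructed directory: one entry, password kept only as a salted SHA-1 hash.
SALT = b"constructed-salt"
DIRECTORY = {
    "uid=user,ou=people,dc=exemplo,dc=com,dc=br": {
        "uid": "user",
        "hash": hashlib.sha1(b"123456" + SALT).digest(),
    }
}

def saslauthd_ldap_bind(user, password):
    """Search for the entry by uid, then 'bind' as that DN with the password."""
    dn = next((d for d, e in DIRECTORY.items() if e["uid"] == user), None)
    if dn is None:
        return False
    presented = hashlib.sha1(password.encode() + SALT).digest()
    return hmac.compare_digest(presented, DIRECTORY[dn]["hash"])

def verify_digest_md5(user, realm, nonce, cnonce, uri, response, secrets):
    """Server side of DIGEST-MD5: `secrets` stands in for the auxprop store."""
    if user not in secrets:
        raise LookupError("user not found: no secret in database")
    expected = digest_md5_response(user, realm, secrets[user], nonce, cnonce, uri)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    args = ("user", "exemplo.com.br", "constructed-nonce", "constructed-cnonce", "ldap/localhost")
    client = digest_md5_response(args[0], args[1], "123456", *args[2:])
    print("plaintext check via bind:", saslauthd_ldap_bind("user", "123456"))
    print("DIGEST-MD5 with secret:", verify_digest_md5(*args, client, {"user": "123456"}))
    try:
        verify_digest_md5(*args, client, {})
    except LookupError as exc:
        print("DIGEST-MD5 without secret:", exc)
```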
