Problem using saslauthd against ldap server ...

Robert Werner rwerner2 at ucmerced.edu
Mon Jun 4 18:42:05 EDT 2018 

I'm trying to use saslauthd to test "auth plain" and "auth login" authentication against our LDAP data store using the "MECH=ldap" configuration.


When saslauthd tries to bind with the credentials,  it is only sending 7 characters of the password.  I've validated this by using Wireshark to examine the sasl communications.  The ldap search for the user is successful and saslauthd is finding the correct user and binding as desired.  But the auth fails,  obviously,  because the only 7 characters of the actual (9 character) password is sent.


If I use the "MECH=pam" and authenticate against a valid user (also with a password that is 9 charcaters) on the local server,  the authentication is successful.


I'm running this on RHEL 7.5 with cyrus-sasl* packages that are version "2.1.26-23.el7.x86_64",  ie:

cyrus-sasl-plain-2.1.26-23.el7.x86_64
cyrus-sasl-2.1.26-23.el7.x86_64
cyrus-sasl-gssapi-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64

I've attached my smtp.conf,  saslauthd and saslauthd.conf files (with passwords redacted).

Is there a configuration I'm missing or have I found a bug?  Any suggestions as to how to get around this problem?


--

Robert G. Werner

Systems Administrator

University of California Merced,  Office of Information Technology

rwerner2 at ucmerced.edu<mailto:rwerner2 at ucmerced.edu> | it.ucmerced.edu<https://it.ucmerced.edu/> | 209.201.4368

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180604/1ac348cc/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: saslauthd.conf
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180604/1ac348cc/attachment.conf>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: smtpd.conf
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180604/1ac348cc/attachment-0001.conf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: saslauthd
Type: application/octet-stream
Size: 453 bytes
Desc: saslauthd
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20180604/1ac348cc/attachment.obj>

More information about the Cyrus-sasl mailing list