Problem using saslauthd against ldap server ...

Dan White dwhite at olp.net
Tue Jun 5 11:42:12 EDT 2018


On 06/04/18 22:42 +0000, Robert Werner wrote:
>I'm trying to use saslauthd to test "auth plain" and "auth login"
>authentication against our LDAP data store using the "MECH=ldap"
>configuration. 
>
>When saslauthd tries to bind with the credentials, it is only sending 7
>characters of the password.  I've validated this by using Wireshark to
>examine the sasl communications.  The ldap search for the user is
>successful and saslauthd is finding the correct user and binding as
>desired.  But the auth fails, obviously, because only 7 characters of
>the actual (9 character) password are sent.
>
>If I use the "MECH=pam" and authenticate against a valid user (also with a
>password that is 9 characters) on the local server, the authentication is
>successful.
>
>I'm running this on RHEL 7.5 with cyrus-sasl* packages that are version
>"2.1.26-23.el7.x86_64", i.e.:
>
>cyrus-sasl-plain-2.1.26-23.el7.x86_64
>cyrus-sasl-2.1.26-23.el7.x86_64
>cyrus-sasl-gssapi-2.1.26-23.el7.x86_64
>cyrus-sasl-lib-2.1.26-23.el7.x86_64
>
>I've attached my smtp.conf, saslauthd and saslauthd.conf files (with
>passwords redacted).
>
>Is there a configuration I'm missing or have I found a bug?  Any
>suggestions as to how to get around this problem?

>ldap_bind_dn: <user>
>ldap_bind_pw: <password>
>ldap_servers: ldap://lplds.ucmerced.edu
>ldap_search_base: dc=ucmerced,dc=edu
>ldap_filter: uid=%U
>ldap_version: 3
>log_level: 7

>log_level: 7
>pwcheck_method: saslauthd
>mech_list: plain login

Is this problem reproducible with testsaslauthd and smtptest?

Disable saslauthd caching (without -c) and run in debug (-d) mode for
additional output. Set 'debug: -1' (man 3 ldap_set_option), in
saslauthd.conf to increase libldap's output.

Is this problem specific to a particular user name? If so, would you mind
sharing what that username is?

-- 
Dan White

