Unable to load the ldapdb plugin -- during SMTP AUTH against LDAP server .

Bandaru, Vamsi bandaru.v at pg.com
Mon Apr 27 16:22:11 EDT 2020 

Adding the output of pluginviewer : ldapdb is not listed as a one of the auxprop mechanisms :

# /usr/sbin/pluginviewer -a

Installed and properly configured auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" ,       API version: 8
        supports store: yes


and I don't have a pluginviewer.conf on my system , another conf file I have is : /etc/sasl2/slapd.conf


# cat /etc/sasl2/slapd.conf
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux


( this doesn't look right )


Regards,

From: Cyrus-sasl <cyrus-sasl-bounces+bandaru.v=pg.com at lists.andrew.cmu.edu> On Behalf Of Bandaru, Vamsi
Sent: Tuesday, April 28, 2020 12:37 AM
To: cyrus-sasl at lists.andrew.cmu.edu
Subject: Unable to load the ldapdb plugin -- during SMTP AUTH against LDAP server .

CAUTION: This email originated outside P&G. Please exercise caution when opening any links or attachments.


Hi all ,

( This is my first post here ) ,

I am trying to use Cyrus SASL for SMTP authentication against my organization's LDAP server .

I have two major issues I noticed :

The auth.log under /var/log reads :

Apr 27 14:57:36 postfix-in-1/submission/smtpd[42282]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
Apr 27 14:57:36 postfix-in-1/submission/smtpd[42282]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb

The message logs read :

saslauthd[85790]: detach_tty      : could not lock pid file /run/saslauthd/saslauthd.pid: Resource temporarily unavailable
saslauthd[85789]: detach_tty      : Cannot start saslauthd
saslauthd[85789]: detach_tty      : Another instance of saslauthd is currently running


These are the files , and their locations I am trying to configure . ( am I missing any other files to configure )


  1.  /etc/saslauthd.conf
  2.  /etc/sasl2/smtpd.conf


My  /etc/saslauthd.conf , is configured in the following way :

ldap_servers: ldaps://< hostname >:636
ldap_bind_dn: uid=xxx,ou=xx,ou=xx,o=xx
ldap_bind_pw: xxxx

ldap_version: 3
ldap_auth_method: bind
ldap_search_base: ou=xx,ou=ss,o=xx
ldap_scope: sub
ldap_filter: ShortName=%U

***********************************************************************

The  /etc/sasl2/smtpd.conf   is configured as :

pwcheck_method: auxprop
auxprop_plugin: ldapdb

mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5

****************************************************************

#ldapdb_mech: LOGIN   ( I am not sure if this parameter should be configured under smtpd.conf or under saslauthd.conf )



Output of : saslauthd -a ldap -O /etc/saslauthd.conf

# saslauthd -a ldap -O /etc/saslauthd.conf
saslauthd[91048] :detach_tty      : Cannot start saslauthd
saslauthd[91048] :detach_tty      : Another instance of saslauthd is currently running



  *   # ps aux | grep saslauthd
  *   root      84395  0.0  0.0  74456   956 ?        Ss   18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
  *   root      84396  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
  *   root      84397  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
  *   root      84398  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
  *   root      84399  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r


SASL related configuration under postfix / main.cf file .

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus

smtpd_sasl_path = /run/saslauthd/mux

#smtpd_sasl_path = /usr/lib64/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_sasl_tls_security_options = noanonymous


*******************************************************************************


Could someone please help me if these are the only two files that requires configuration to get SASL working ?


  1.  /etc/saslauthd.conf
  2.  /etc/sasl2/smtpd.conf


And if I have got their configuration right .

And these are the packages I currently installed on my RHEL 7 system :

cyrus-sasl-2.1.26-23.el7.x86_64
cyrus-sasl-devel-2.1.26-23.el7.x86_64
cyrus-sasl-ldap-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64
cyrus-sasl-ntlm-2.1.26-23.el7.x86_64
cyrus-sasl-plain-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64


Any help / suggests are greatly appreciated .


Thanks and regards, Vamsi.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20200427/2fb36034/attachment-0001.html>

More information about the Cyrus-sasl mailing list