Unable to load the ldapdb plugin -- during SMTP AUTH against LDAP server .
Bandaru, Vamsi
bandaru.v at pg.com
Mon Apr 27 16:22:11 EDT 2020
Adding the output of pluginviewer : ldapdb is not listed as a one of the auxprop mechanisms :
# /usr/sbin/pluginviewer -a
Installed and properly configured auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , API version: 8
supports store: yes
and I don't have a pluginviewer.conf on my system , another conf file I have is : /etc/sasl2/slapd.conf
# cat /etc/sasl2/slapd.conf
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
( this doesn't look right )
Regards,
From: Cyrus-sasl <cyrus-sasl-bounces+bandaru.v=pg.com at lists.andrew.cmu.edu> On Behalf Of Bandaru, Vamsi
Sent: Tuesday, April 28, 2020 12:37 AM
To: cyrus-sasl at lists.andrew.cmu.edu
Subject: Unable to load the ldapdb plugin -- during SMTP AUTH against LDAP server .
CAUTION: This email originated outside P&G. Please exercise caution when opening any links or attachments.
Hi all ,
( This is my first post here ) ,
I am trying to use Cyrus SASL for SMTP authentication against my organization's LDAP server .
I have two major issues I noticed :
The auth.log under /var/log reads :
Apr 27 14:57:36 postfix-in-1/submission/smtpd[42282]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
Apr 27 14:57:36 postfix-in-1/submission/smtpd[42282]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
The message logs read :
saslauthd[85790]: detach_tty : could not lock pid file /run/saslauthd/saslauthd.pid: Resource temporarily unavailable
saslauthd[85789]: detach_tty : Cannot start saslauthd
saslauthd[85789]: detach_tty : Another instance of saslauthd is currently running
These are the files , and their locations I am trying to configure . ( am I missing any other files to configure )
1. /etc/saslauthd.conf
2. /etc/sasl2/smtpd.conf
My /etc/saslauthd.conf , is configured in the following way :
ldap_servers: ldaps://< hostname >:636
ldap_bind_dn: uid=xxx,ou=xx,ou=xx,o=xx
ldap_bind_pw: xxxx
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: ou=xx,ou=ss,o=xx
ldap_scope: sub
ldap_filter: ShortName=%U
***********************************************************************
The /etc/sasl2/smtpd.conf is configured as :
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5
****************************************************************
#ldapdb_mech: LOGIN ( I am not sure if this parameter should be configured under smtpd.conf or under saslauthd.conf )
Output of : saslauthd -a ldap -O /etc/saslauthd.conf
# saslauthd -a ldap -O /etc/saslauthd.conf
saslauthd[91048] :detach_tty : Cannot start saslauthd
saslauthd[91048] :detach_tty : Another instance of saslauthd is currently running
* # ps aux | grep saslauthd
* root 84395 0.0 0.0 74456 956 ? Ss 18:25 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
* root 84396 0.0 0.0 74456 732 ? S 18:25 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
* root 84397 0.0 0.0 74456 732 ? S 18:25 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
* root 84398 0.0 0.0 74456 732 ? S 18:25 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
* root 84399 0.0 0.0 74456 732 ? S 18:25 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
SASL related configuration under postfix / main.cf file .
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = /run/saslauthd/mux
#smtpd_sasl_path = /usr/lib64/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_sasl_tls_security_options = noanonymous
*******************************************************************************
Could someone please help me if these are the only two files that requires configuration to get SASL working ?
1. /etc/saslauthd.conf
2. /etc/sasl2/smtpd.conf
And if I have got their configuration right .
And these are the packages I currently installed on my RHEL 7 system :
cyrus-sasl-2.1.26-23.el7.x86_64
cyrus-sasl-devel-2.1.26-23.el7.x86_64
cyrus-sasl-ldap-2.1.26-23.el7.x86_64
cyrus-sasl-md5-2.1.26-23.el7.x86_64
cyrus-sasl-ntlm-2.1.26-23.el7.x86_64
cyrus-sasl-plain-2.1.26-23.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
Any help / suggests are greatly appreciated .
Thanks and regards, Vamsi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20200427/2fb36034/attachment-0001.html>
More information about the Cyrus-sasl
mailing list