Unable to load the ldapdb plugin -- during SMTP AUTH against LDAP server .

Bandaru, Vamsi bandaru.v at pg.com
Mon Apr 27 18:23:30 EDT 2020


Thank you ,

I have emptied the /etc/saslauthd.conf  file and moved all the configuration to /etc/sasl2/smtpd.conf 


************************************************************
pwcheck_method: auxprop
auxprop_plugin: ldapdb

mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5

ldap_servers: ldaps://xx.xx.xx.:636
ldap_bind_dn: uid=xx,ou=xx,ou=xx,o=xx
ldap_bind_pw: xxxxxxx

ldap_version: 3
ldap_auth_method: bind
ldap_search_base: ou=xx,ou=xx,o=xx
ldap_scope: sub
ldap_filter: ShortName=%U

ldap_mech: DIGEST-MD5

************************************************************

Any recommended ways to test if this is working ? ( I continue to have similar errors in my logs )

# /usr/sbin/pluginviewer -a   >> doesn't list ldapdb .

Installed and properly configured auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" ,       API version: 8
        supports store: yes

******************************************************************

In the meantime I will try uninstalling the software, reinstalling all the Cyrus SASL plugins and then configuring them again.


Regards, Vamsi.

-----Original Message-----
From: Cyrus-sasl <cyrus-sasl-bounces+bandaru.v=pg.com at lists.andrew.cmu.edu> On Behalf Of Alexander Dalloz
Sent: Tuesday, April 28, 2020 3:17 AM
To: cyrus-sasl at lists.andrew.cmu.edu
Subject: Re: Unable to load the ldapdb plugin -- during SMTP AUTH against LDAP server .



On 27.04.2020 at 21:06, Bandaru, Vamsi wrote:
>
> Hi all ,
>
> ( This is my first post here ) ,
>
> I am trying to use Cyrus SASL for SMTP authentication against my organization's LDAP server .
>
> I have two major issues I noticed :
>
> The auth.log under /var/log reads :
>
> Apr 27 14:57:36 postfix-in-1/submission/smtpd[42282]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
> Apr 27 14:57:36 postfix-in-1/submission/smtpd[42282]: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
>
> The message logs read :
>
> saslauthd[85790]: detach_tty      : could not lock pid file /run/saslauthd/saslauthd.pid: Resource temporarily unavailable
> saslauthd[85789]: detach_tty      : Cannot start saslauthd
> saslauthd[85789]: detach_tty      : Another instance of saslauthd is currently running
>
>
> These are the files, and their locations, I am trying to configure. (Am I missing any other files to configure?)
>
>
>    1.  /etc/saslauthd.conf
>    2.  /etc/sasl2/smtpd.conf
>
>
> My  /etc/saslauthd.conf , is configured in the following way :
>
> ldap_servers: ldaps://< hostname >:636
> ldap_bind_dn: uid=xxx,ou=xx,ou=xx,o=xx
> ldap_bind_pw: xxxx
>
> ldap_version: 3
> ldap_auth_method: bind
> ldap_search_base: ou=xx,ou=ss,o=xx
> ldap_scope: sub
> ldap_filter: ShortName=%U
>
> ***********************************************************************
>
> The  /etc/sasl2/smtpd.conf   is configured as :
>
> pwcheck_method: auxprop
> auxprop_plugin: ldapdb
>
> mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5
>
> ****************************************************************
>
> #ldapdb_mech: LOGIN   ( I am not sure if this parameter should be configured under smtpd.conf or under saslauthd.conf )
>
>
>
> Output of : saslauthd -a ldap -O /etc/saslauthd.conf
>
> # saslauthd -a ldap -O /etc/saslauthd.conf
> saslauthd[91048] :detach_tty      : Cannot start saslauthd
> saslauthd[91048] :detach_tty      : Another instance of saslauthd is currently running
>
>
>
>    *   # ps aux | grep saslauthd
>    *   root      84395  0.0  0.0  74456   956 ?        Ss   18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
>    *   root      84396  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
>    *   root      84397  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
>    *   root      84398  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
>    *   root      84399  0.0  0.0  74456   732 ?        S    18:25   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
>
>
> SASL related configuration under postfix / main.cf file .
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_type = cyrus
>
> smtpd_sasl_path = /run/saslauthd/mux
>
> #smtpd_sasl_path = /usr/lib64/sasl2
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_auth_only = yes
> smtpd_sasl_tls_security_options = noanonymous
>
>
> *******************************************************************************
>
>
> Could someone please help me if these are the only two files that require configuration to get SASL working ?
>
>
>    1.  /etc/saslauthd.conf
>    2.  /etc/sasl2/smtpd.conf
>
>
> And if I have got their configuration right .
>
> And these are the packages I currently installed on my RHEL 7 system :
>
> cyrus-sasl-2.1.26-23.el7.x86_64
> cyrus-sasl-devel-2.1.26-23.el7.x86_64
> cyrus-sasl-ldap-2.1.26-23.el7.x86_64
> cyrus-sasl-md5-2.1.26-23.el7.x86_64
> cyrus-sasl-ntlm-2.1.26-23.el7.x86_64
> cyrus-sasl-plain-2.1.26-23.el7.x86_64
> cyrus-sasl-lib-2.1.26-23.el7.x86_64
>
>
> Any help / suggestions are greatly appreciated .
>
>
> Thanks and regards, Vamsi.

Hi,

You are mixing 2 options to configure cyrus-sasl with LDAP as the backend; the two are mutually exclusive. In other words: either use saslauthd and forget about auxprop with ldapdb, or the other way around.

If you opt for Cyrus SASL with ldapdb then check the man page closely:
https://blog.sys4.de/cyrus-sasl-ldapdb-man-page-en.html
The option will have to be defined in /etc/sasl2/smtpd.conf.

Regards,
Alexander
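
Added example (not part of the original thread, and not Cyrus SASL project code): a small Python check for the mix-up described in the reply above, where saslauthd-style ldap_* options sit in a service config that selects the ldapdb auxprop plugin. The sample config is constructed from the masked smtpd.conf in the first message with a placeholder hostname; the rule set and the function names parse() and lint() are this example's own assumptions.

```python
"""Lint a Cyrus SASL service config (e.g. /etc/sasl2/smtpd.conf) for the
saslauthd-vs-ldapdb mix-up discussed in this thread. Added example."""

# Constructed sample: the smtpd.conf from the first message, values masked,
# hostname replaced with a placeholder.
SAMPLE = """\
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5
ldap_servers: ldaps://ldap.example.invalid:636
ldap_bind_dn: uid=xx,ou=xx,o=xx
ldap_auth_method: bind
ldap_filter: ShortName=%U
ldap_mech: DIGEST-MD5
"""

def parse(text):
    """Return {key: value} for 'key: value' lines; skip blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)   # split once: values contain ':' too
        opts[key.strip()] = value.strip()
    return opts

def lint(text):
    """Return a list of findings about mixed backend settings."""
    opts = parse(text)
    methods = opts.get("pwcheck_method", "").split()
    plugins = opts.get("auxprop_plugin", "").split()
    findings = []
    if "auxprop" in methods and "ldapdb" in plugins:
        # ldap_* keys are saslauthd.conf options; ldapdb reads ldapdb_* keys.
        for key in sorted(k for k in opts if k.startswith("ldap_")):
            findings.append(f"{key}: saslauthd.conf option, not an ldapdb_* option")
        if "ldapdb_uri" not in opts:
            findings.append("ldapdb_uri: not set, ldapdb has no server URI")
    elif "saslauthd" in methods and "ldapdb" in plugins:
        findings.append("auxprop_plugin: ldapdb selected while pwcheck_method "
                        "is saslauthd; pick one backend")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run against the real file with `lint(open("/etc/sasl2/smtpd.conf").read())`; an empty list means none of these particular mix-ups were found, not that the plugin will load.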



