saslauthd: Can't contact LDAP server
Ana Ribas/Upcnet
ana.ribas at upcnet.es
Thu Jul 17 08:39:17 EDT 2003
Once I commented out the line and restarted, the problem was solved.
Thank you.
- ANNA -
Igor Brezac <igor at ypass.net>
17/07/2003 14:14
To: Ana Ribas/Upcnet <ana.ribas at upcnet.es>
cc: info-cyrus at lists.andrew.cmu.edu
Subject: Re: saslauthd: Can't contact LDAP server

On Thu, 17 Jul 2003, Ana Ribas/Upcnet wrote:
> Hello,
>
> First of all, here's what I've got:
>
> Solaris 8
> Cyrus IMAP 2.1.13
> Cyrus SASL 2.1.15
> OpenLDAP 2.1.22 libraries
> OpenSSL 0.9.6
>
> I run saslauthd with ldap authentication working against
> Lotus Domino eDirectory but this is the response when I make the test:
>
> > ./testsaslauthd -u 99990010 -p hola123
> 0: NO "authentication failed"
>
> This is my /usr/local/etc/saslauthd.conf :
>
> #ldap_servers: ldap://albinoni.upc.es/
> ldap_servers: ldap://147.83.194.10/
> ldap_bind_dn: o=lcx

You are missing ldap_bind_pw, or, in case of anonymous bind, ldap_bind_dn
should not be specified.
Based on your ldapsearch example below, comment out ldap_bind_dn, restart
saslauthd and try again.

> #ldap_search_base: o=LCX
> #ldap_auth_method: custom
> ldap_port: 389
> ldap_uidattr: uid
> #ldap_filter: (&(cn=%u) (objectclass=person))
>
> and the results in the /var/log/auth.log file:
>
> Jul 17 12:46:55 delius saslauthd[27671]: [ID 390612 auth.warning]
> ldap_simple_bind() failed as o=lcx (Can't contact LDAP server)
> Jul 17 12:46:55 delius saslauthd[27671]: [ID 462440 auth.warning]
> lak_bind() failed
> Jul 17 12:46:55 delius saslauthd[27671]: [ID 285309 auth.info] do_auth
> : auth failure: [user=99990010] [service=imap] [realm=] [mech=ldap]
> [reason=Unknown]
>
> I've verified that the Domino server is listening on port 389.
> The ldapsearch utility works fine:
>
> > ldapsearch -v -p 389 -h albinoni.upc.es -b "O=lcx" "(cn=usuari proves10)"
> ldap_init( albinoni.upc.es, 389 )
> filter pattern: (cn=usuari proves10)
> returning: ALL
> filter is: ((cn=usuari proves10))
> CN=Usuari Proves10,O=LCX
> cn=Usuari Proves10
> shortname=99990010
> uid=99990010
> mail=Usuari.Proves10 at albinoni.upc.es
> objectclass=top
> objectclass=person
> objectclass=organizationalPerson
> objectclass=inetOrgPerson
> objectclass=dominoPerson
> givenname=Usuari
> sn=Proves10
> 1 matches
>
> Seems that SASL can't contact the LDAP server, but I don't know why.
> What's wrong?
>
> Any pointers would be greatly appreciated!
> Thanks.
>
>
>
--
Igor
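
The check described in Igor's reply, as an added example that is not part of the original thread: a Python script that parses a saslauthd.conf body and reports whether ldap_bind_dn is set without ldap_bind_pw. The function names and the three mode labels are assumptions of this example; the sample input is the config quoted in the thread.

```python
import sys

# Config quoted in the thread (the state that produced the bind failure).
SAMPLE_BROKEN = """\
#ldap_servers: ldap://albinoni.upc.es/
ldap_servers: ldap://147.83.194.10/
ldap_bind_dn: o=lcx
#ldap_search_base: o=LCX
#ldap_auth_method: custom
ldap_port: 389
ldap_uidattr: uid
#ldap_filter: (&(cn=%u) (objectclass=person))
"""

def parse_conf(text):
    """Return the active 'key: value' options; blank and '#' lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first ':' only, so ldap:// URLs stay intact in the value.
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def bind_mode(opts):
    """Classify the bind settings (labels are this example's own)."""
    dn = opts.get("ldap_bind_dn", "")
    pw = opts.get("ldap_bind_pw", "")
    if not dn:
        return "anonymous"       # no bind DN: anonymous bind, as in the fix
    if not pw:
        return "incomplete"      # bind DN without ldap_bind_pw: the reported case
    return "authenticated"       # bind DN and password both present

def check(text):
    """Return (mode, advice) for a saslauthd.conf body."""
    mode = bind_mode(parse_conf(text))
    advice = {
        "incomplete": "set ldap_bind_pw, or comment out ldap_bind_dn for anonymous bind",
        "anonymous": "no ldap_bind_dn set (anonymous bind)",
        "authenticated": "ldap_bind_dn and ldap_bind_pw are both set",
    }[mode]
    return mode, advice

if __name__ == "__main__":
    body = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BROKEN
    print("%s: %s" % check(body))
```

Run with a path to saslauthd.conf as the only argument; with no argument it checks the thread's quoted config and reports it as incomplete.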