saslauthd: Can't contact LDAP server

Igor Brezac igor at ypass.net
Thu Jul 17 08:14:07 EDT 2003


On Thu, 17 Jul 2003, Ana Ribas/Upcnet wrote:

> Hello,
>
> First of all, here's what I've got:
>
> Solaris 8
> Cyrus IMAP 2.1.13
> Cyrus SASL 2.1.15
> OpenLDAP 2.1.22 libraries
> OpenSSL 0.9.6
>
> I run saslauthd with ldap authentication working against
> Lotus Domino eDirectory but this is the response when I make the test:
>
> > ./testsaslauthd -u 99990010 -p hola123
> 0: NO "authentication failed"
>
> This is my /usr/local/etc/saslauthd.conf :
>
> #ldap_servers: ldap://albinoni.upc.es/
> ldap_servers: ldap://147.83.194.10/
> ldap_bind_dn: o=lcx

You are missing ldap_bind_pw, or, in case of anonymous bind, ldap_bind_dn
should not be specified.

Based on your ldapsearch example below, comment out ldap_bind_dn, restart
saslauthd and try again.

> #ldap_search_base: o=LCX
> #ldap_auth_method: custom
> ldap_port: 389
> ldap_uidattr: uid
> #ldap_filter: (&(cn=%u) (objectclass=person))
>
> and the results in the /var/log/auth.log file:
>
> Jul 17 12:46:55 delius saslauthd[27671]: [ID 390612 auth.warning]
> ldap_simple_bind() failed as o=lcx (Can't contact LDAP server)
> Jul 17 12:46:55 delius saslauthd[27671]: [ID 462440 auth.warning]
> lak_bind() failed
> Jul 17 12:46:55 delius saslauthd[27671]: [ID 285309 auth.info] do_auth
> : auth failure: [user=99990010] [service=imap] [realm=] [mech=ldap]
> [reason=Unknown]
>
> I've verified that the Domino server is listening on port 389.
> The ldapsearch utility works fine:
>
> > ldapsearch -v -p 389 -h albinoni.upc.es -b "O=lcx" "(cn=usuari proves10)"
> ldap_init( albinoni.upc.es, 389 )
> filter pattern: (cn=usuari proves10)
> returning: ALL
> filter is: ((cn=usuari proves10))
> CN=Usuari Proves10,O=LCX
> cn=Usuari Proves10
> shortname=99990010
> uid=99990010
> mail=Usuari.Proves10 at albinoni.upc.es
> objectclass=top
> objectclass=person
> objectclass=organizationalPerson
> objectclass=inetOrgPerson
> objectclass=dominoPerson
> givenname=Usuari
> sn=Proves10
> 1 matches
>
> Seems that SASL can't contact the LDAP server, but I don't know why. What's
> wrong?
>
> Any pointers would be greatly appreciated!
> Thanks.
>
>
>

-- 
Igor
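
Added example, not part of the original message and not Cyrus SASL code: a small lint for the condition diagnosed above, where saslauthd.conf sets ldap_bind_dn with no bind password. The sample config is constructed from the active lines quoted in the post; the function names are hypothetical, and treating ldap_password as an alias of ldap_bind_pw is an assumption about the installed saslauthd version.

```python
import re

# Constructed sample mirroring the uncommented lines quoted in the post.
SAMPLE_CONF = """\
#ldap_servers: ldap://albinoni.upc.es/
ldap_servers: ldap://147.83.194.10/
ldap_bind_dn: o=lcx
#ldap_search_base: o=LCX
ldap_port: 389
ldap_uidattr: uid
"""
LINE_RE = re.compile(r"^\s*([A-Za-z_]+)\s*:\s*(.*?)\s*$")

def parse_conf(text):
    """Return {option: value} for active lines; '#' lines and blanks are skipped."""
    opts = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            opts[m.group(1).lower()] = m.group(2)
    return opts

def bind_mode(opts):
    """Classify the bind settings: 'anonymous', 'authenticated' or 'incomplete'."""
    dn = opts.get("ldap_bind_dn", "")
    # Assumption: ldap_password is accepted as an alias of ldap_bind_pw.
    pw = opts.get("ldap_bind_pw") or opts.get("ldap_password") or ""
    if dn and pw:
        return "authenticated"
    if not dn and not pw:
        return "anonymous"
    return "incomplete"

def lint(text):
    """Return (mode, findings) for the bind configuration in a saslauthd.conf."""
    opts = parse_conf(text)
    mode, findings = bind_mode(opts), []
    if mode == "incomplete" and opts.get("ldap_bind_dn"):
        findings.append("ldap_bind_dn is set without ldap_bind_pw: add the "
                        "password, or remove ldap_bind_dn for an anonymous bind")
    elif mode == "incomplete":
        findings.append("ldap_bind_pw is set without ldap_bind_dn")
    return mode, findings

if __name__ == "__main__":
    print(lint(SAMPLE_CONF))
```

Run it against the live file by passing its contents to `lint()`; a commented-out `ldap_bind_dn` line is ignored, so the change suggested above reports `anonymous` with no findings.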



