Unable to authenticate with LDAPs

Jeff Warnica jeffw at chebucto.ns.ca
Tue Sep 9 11:14:40 EDT 2003


Take my advice with a grain of salt: my work with the motley collection
of tools is ongoing.. (basically I'm with a volunteer run ISP, and been
fighting political battles more than tech ones for 6 months)

Anyway.. 'ldap' is neither a service nor a mech... A 'service' is what
you (would) define in the PAM configuration files and is something like:
login, ssh, imap, pop, ppp and what not. And a mech is how the password
checking is done, something like: CRAM-MD6, DIGEST-MD5 etc. But even
before the saslauthd gets that far it fails even to connect to your LDAP
server..

Check from the command line to see if the LDAP box can be contacted.. I
use something like:

ldapsearch -Y DIGEST-MD5 -U saslauthd -h clio.chebucto.net -s sub -b "o=chebucto,c=ca" -Z "(uid=saslauthd)"

This tries to bind to my LDAP server as the saslauthd user and then does
a search for that user object... This at least verifies that the server
can be contacted and bound to as the saslauthd user.. Get the command
line working before you move on to saslauthd..

On Tue, 2003-09-09 at 09:16, Ana Ribas/Upcnet wrote:
> Hi,
>    lak_bind() failed
>    Sep  9 13:40:58 delius saslauthd[1260]: [ID 285309 auth.info] do_auth
>    : auth failure: [user=usuariproves1] [service=imap] [realm=] [mech=ldap]
>    [reason=Unknown]
>    Sep  9 13:40:58 delius last message repeated 1 time
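
Added example (not part of the original message or of Cyrus SASL): a small Python triage of saslauthd syslog lines that separates rejections preceded by "lak_bind() failed", the case the reply describes where saslauthd never gets as far as the LDAP server, from other auth failures. The sample lines and the cause labels are constructed for illustration, modelled on the quoted excerpt.

```python
import re

# Constructed sample, modelled on the syslog excerpt quoted in the post
# (one event per line, as it would appear in the log file itself).
SAMPLE = """\
Sep  9 13:40:58 delius saslauthd[1260]: [ID 285309 auth.info] lak_bind() failed
Sep  9 13:40:58 delius saslauthd[1260]: [ID 285309 auth.info] do_auth : auth failure: [user=usuariproves1] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
Sep  9 13:40:58 delius last message repeated 1 time
Sep  9 13:42:10 delius saslauthd[1260]: [ID 285309 auth.info] do_auth : auth failure: [user=usuariproves2] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
"""

FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")   # [key=value]; value may be empty
REPEAT = re.compile(r"last message repeated (\d+) times?")


def triage(log_text):
    """Return one dict per saslauthd auth failure, tagged with a likely cause."""
    events = []
    bind_failed = False   # saw "lak_bind() failed" since the last auth failure
    prev = None           # event produced by the previous line, if any
    for line in log_text.splitlines():
        repeat = REPEAT.search(line)
        if repeat:
            # syslog collapses identical consecutive messages into this line
            if prev is not None:
                prev["count"] += int(repeat.group(1))
            continue
        prev = None
        if "saslauthd[" not in line:
            continue
        if "lak_bind() failed" in line:
            bind_failed = True
        elif "auth failure:" in line:
            event = dict(FIELD.findall(line))
            event["count"] = 1
            # A bind failure just before the rejection points at the LDAP
            # connection or the bind identity, not at the user's password.
            event["cause"] = "ldap-bind" if bind_failed else "unexplained"
            events.append(event)
            bind_failed, prev = False, event
    return events


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["user"], e["service"], e["mech"], e["cause"], "x%d" % e["count"])
```

Failures tagged "ldap-bind" are the ones to chase with the ldapsearch check above before touching the saslauthd configuration.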





