saslauthd authentication problem

Igor Brezac igor at ipass.net
Fri Sep 3 14:29:03 EDT 2004


On Fri, 3 Sep 2004, Paul Wolstenholme wrote:

> I have saslauthd configured to use ldap. The uids have an "@". Authentication 
> works using testsaslauthd:
>
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=0 BIND 
> dn="cn=Administrator,o=shoutout" method=128
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=0 BIND 
> dn="cn=Administrator,o=shoutout" mech=SIMPLE ssf=0
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=0 RESULT tag=97 err=0 
> text=
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=1 SRCH base="o=shoutout" 
> scope=2 filter="(uid=paul at shoutout.ca)"
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=1 SRCH attr=dn
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=1 SEARCH RESULT tag=101 
> err=0 nentries=1 text=
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=2 BIND anonymous 
> mech=implicit ssf=0
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=2 BIND 
> dn="uid=paul at shoutout.ca,ou=users,ispmanDomain=shoutout.ca,o=shoutout" 
> method=128
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=2 BIND 
> dn="uid=paul at shoutout.ca,ou=users,ispmanDomain=shoutout.ca,o=shoutout" 
> mech=SIMPLE ssf=0
> Sep  3 10:38:36 localhost slapd[1248]: conn=118 op=2 RESULT tag=97 err=0 
> text=
>
>
> However, authentication fails when using imtest:
> imtest -u 'paul at shoutout.ca' localhost
>
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=3 BIND anonymous 
> mech=implicit ssf=0
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=3 BIND 
> dn="cn=Administrator,o=shoutout" method=128
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=3 BIND 
> dn="cn=Administrator,o=shoutout" mech=SIMPLE ssf=0
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=3 RESULT tag=97 err=0 text=
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=4 SRCH base="o=shoutout" 
> scope=2 filter="(uid=wolstena)"
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=4 SRCH attr=dn
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=4 SEARCH RESULT tag=101 
> err=0 nentries=1 text=
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=5 BIND anonymous 
> mech=implicit ssf=0
> Sep  3 10:37:12 localhost slapd[1248]: conn=87 op=5 BIND 
> dn="ispmanClientId=1,ispmanResellerId=2,ou=ispman,o=shoutout" method=128
>
>
> I thought I may need a ldap_filter in my imapd.conf file:
> ldap_filter: (uid=%u)

Your defaultdomain in imapd.conf must be shoutout.ca.  If this is the 
case, cyrus imap will drop the domain portion.

In saslauthd.conf do:
ldap_filter: (uid=%U@%r)
ldap_default_realm: shoutout.ca

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
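
The effect of the two filter templates discussed above, as an added example that is not part of the original thread and is not Cyrus SASL code. It is a simplified model that assumes only the %u, %U, %d, %r and %% tokens and an RFC 4515 escaping step; the function names are hypothetical.

```python
# Added illustration: a simplified model of saslauthd's ldap_filter token
# expansion. Only %u, %U, %d, %r and %% are modelled (assumption).

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    out = []
    for ch in value:
        if ch in '*()\\\0':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

def expand_filter(template, username, realm='', default_realm=''):
    """Expand the tokens of an ldap_filter template for one login attempt."""
    user_part, _, domain_part = username.partition('@')
    realm = realm or default_realm      # ldap_default_realm fills an empty realm
    tokens = {
        'u': username,                  # name exactly as saslauthd received it
        'U': user_part,                 # part before the '@'
        'd': domain_part or realm,      # domain of %u, otherwise the realm
        'r': realm,
        '%': '%',
    }
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == '%' and i + 1 < len(template) and template[i + 1] in tokens:
            key = template[i + 1]
            value = tokens[key]
            out.append(value if key == '%' else escape_filter_value(value))
            i += 2
        else:
            out.append(ch)              # literal text, or an unmodelled token
            i += 1
    return ''.join(out)

if __name__ == '__main__':
    # Constructed inputs: the full address, as typed into testsaslauthd, and
    # the bare name left once imapd has dropped its defaultdomain.
    for label, name in (('full address', 'paul@shoutout.ca'),
                        ('domain dropped', 'paul')):
        for template in ('(uid=%u)', '(uid=%U@%r)'):
            result = expand_filter(template, name, default_realm='shoutout.ca')
            print('%-15s %-12s -> %s' % (label, template, result))
```

With `(uid=%u)` the bare name yields `(uid=paul)`, which cannot match an entry whose uid carries the domain, while `(uid=%U@%r)` yields the same filter for both forms of the name.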