Cyrus with LDAP

Shashank Agrawal shashank3 at gmail.com
Mon Apr 4 12:55:49 EDT 2005


Hello,
The following two statements work.
  ldapsearch -x -h localhost -D 'cn=Manager,dc=domain,dc=com' -W 
'(uid=shashank)'
ldapsearch -x -h localhost -D 'uid=shashank,ou=Users,dc=domain,dc=com' -W 
'(uid=shashank)'
 However, this doesn't 
 testsaslauthd -u shashank -p xxxxxx
0: NO "authentication failed"
 This is the error in /var/log/auth.log
 Apr 4 09:42:50 mail saslauthd[4893]: Authentication failed for 
shashank/domain.com: Bind to ldap server failed (invalid user/password or 
insufficient access) (-7)
Apr 4 09:42:50 mail saslauthd[4893]: do_auth : auth failure: [user=shashank] 
[service=imap] [realm=] [mech=ldap] [reason=Unknown]

i don't know what's wrong? 
 you suggested to adjust binddn: uid=%u,dc=domain,dc=com. where do i have to 
do that?
 Thank you,
Shashank
  On Apr 1, 2005 10:26 AM, Craig White <craigwhite at azapple.com> wrote: 
> 
> On Fri, 2005-04-01 at 08:56 -0800, Shashank Agrawal wrote:
> > yeah. you are right. it doesn't work now.
> >
> > [root at mail openldap]# ldapsearch -x -h localhost -D
> > 'ou=Manager,dc=emgbank,dc=com' -W '(uid=shashank)'
> > Enter LDAP Password:
> > ldap_bind: Invalid credentials (49)
> > [root at mail openldap]#
> >
> > On Apr 1, 2005 8:36 AM, Craig White <craigwhite at azapple.com> wrote:
> > > On Fri, 2005-04-01 at 07:13 -0800, Shashank Agrawal wrote:
> > > > This seems to be working. here is the output.
> > > >
> > > > [root at mail openldap]# ldapsearch -x -h localhost -D
> > > > 'uid=shashank,ou=Users,dc=emgbank,dc=com' -W '(uid=shashank)'
> > > > Enter LDAP Password:
> > > > # extended LDIF
> > > > #
> > > > # LDAPv3
> > > > # base <> with scope sub
> > > > # filter: (uid=shashank)
> > > > # requesting: ALL
> > > > #
> > > ---
> > > yeah looks good...
> > >
> > > try it with your binddn/bindpw from your saslauthd now...
> > >
> > > ldapsearch -x -h localhost -D 'ou=Manager,dc=emgbank,dc=com' \
> > > -W '(uid=shashank)'
> ----
> perhaps you need to adjust your binddn setup...
> 
> binddn: uid=%u,dc=emgbank,dc=com
> 
> or no binddn at all, and let the user login bind - depends upon how your
> LDAP is set up
> 
> Craig
> 
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20050404/5b13b0de/attachment.html


More information about the Info-cyrus mailing list