sasl authentication problems

Igor Brezac igor at ipass.net
Wed Aug 24 17:46:58 EDT 2005


On Wed, 24 Aug 2005, Fred Blaise wrote:

> On 8/24/05, Igor Brezac <igor at ipass.net> wrote:
>>
>> On Wed, 24 Aug 2005, Fred Blaise wrote:
>>
>>> On 8/24/05, Etienne Goyer <etienne.goyer at videotron.ca> wrote:
>>>> Fred Blaise wrote:
>>>>> I am trying to fix the cyrus SASL authentication against openLDAP, I guess.
>>>>>
>>>>> When I run that, here is the error:
>>>>> --------------------------------------------
>>>>> OX1:~# ldapsearch -D "cn=manager,dc=ilr,dc=lu" -h ldapsmb-pdc.ilr.lu
>>>>> -b "dc=ilr,dc=lu" "(uid=sp)"
>>>>> SASL/DIGEST-MD5 authentication started
>>>>> Please enter your password:
>>>>> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
>>>>>        additional info: SASL(-13): user not found: no secret in database
>>>>
>>>> You would need to use simple bind to authenticate using the userPassword
>>>> attribute; try "ldapsearch -W -x -D..." instead.  If you worry about
>>>> sending password cleartext, consider using SSL/TLS.
>>> I am running TLS.. an ldapsearch -ZZ works fine with the -x simple bind.
>>> However, cyrus -> saslauthd (PAM) -> pam_ldap requires an SASL
>>> authentication on the ldap server, am I right?
>>
>> If you are going to set up sasl in openldap, I suggest you use the ldapdb
>> auxprop module,
> I cannot use ldapdb auxprop.

Why not?

>> otherwise you can use built-in ldap support in saslauthd.
> You mean, the method ldap of saslauthd ? I haven't seen much
> documentation on that one. Do you have any links? All the docs I read
> about authenticating cyrus imap with saslauthd were talking about
> using the method pam of saslauthd and pam_ldap to talk to the ldap
> directory.

Start with 'man saslauthd'.

-- 
Igor
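
Added example, not part of the original thread or of Cyrus SASL/OpenLDAP code: a Python sketch of why a DIGEST-MD5 bind fails with "no secret in database" while a simple bind (`-x`) against `userPassword` succeeds. It assumes the directory stores a salted `{SSHA}` hash; the realm, password, salt and nonces are constructed sample values.

```python
import base64, hashlib, hmac

def hexmd5(b: bytes) -> bytes:
    return hashlib.md5(b).hexdigest().encode()

def ssha(password: bytes, salt: bytes) -> str:
    """{SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def simple_bind_ok(stored: str, password: bytes) -> bool:
    """Simple bind: the server receives the password (hence TLS) and
    re-hashes it with the stored salt, so a one-way hash is sufficient."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def digest_md5_response(user, realm, secret, nonce, cnonce, nc, qop, uri) -> bytes:
    """RFC 2831 response value (no authzid); 'secret' is the cleartext password."""
    a1 = hashlib.md5(user + b":" + realm + b":" + secret).digest() \
        + b":" + nonce + b":" + cnonce
    a2 = b"AUTHENTICATE:" + uri
    return hexmd5(hexmd5(a1) + b":" + nonce + b":" + nc + b":" + cnonce
                  + b":" + qop + b":" + hexmd5(a2))

def server_check_digest(secrets, user, realm, nonce, cnonce, nc, qop, uri, response):
    """Server side of DIGEST-MD5: it must look up a secret it can feed into
    the same computation; without one the bind cannot be verified."""
    if user not in secrets:
        raise LookupError("user not found: no secret in database")
    expected = digest_md5_response(user, realm, secrets[user],
                                   nonce, cnonce, nc, qop, uri)
    return hmac.compare_digest(expected, response)

# Constructed sample exchange (values are illustrative only).
PW = b"constructed-pw"
ARGS = (b"ilr.lu", b"srv-nonce", b"cli-nonce", b"00000001", b"auth",
        b"ldap/ldapsmb-pdc.ilr.lu")

if __name__ == "__main__":
    stored = ssha(PW, b"\x01\x02\x03\x04")
    resp = digest_md5_response(b"sp", ARGS[0], PW, *ARGS[1:])
    print("simple bind against {SSHA}:", simple_bind_ok(stored, PW))
    print("DIGEST-MD5 with cleartext secret:",
          server_check_digest({b"sp": PW}, b"sp", *ARGS, resp))
    print("DIGEST-MD5 with only the hash:",
          server_check_digest({b"sp": stored.encode()}, b"sp", *ARGS, resp))
```

Because simple bind and saslauthd's plaintext mechanisms hand the password to the server, they belong inside TLS, as the thread already notes.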


