ldap auth through saslauthd through cyrus
lehmann at cnm.de
Tue Jan 3 19:29:17 EST 2012
Hello,
> I am assuming that you are running saslauthd with the -r argument --
> something like:
>
> saslauthd -a ldap -O/etc/saslauthd.conf -r
Actually I did not, but thanks for pointing me to that!
I noticed before in /var/log/auth that username and realm have been
split, so that the username didn't contain the full email address and
thus the LDAP lookup failed:
saslauthd[19326]: Entry not found ((cn=userpart)).
saslauthd[19326]: Authentication failed for userpart/domain.com: User not found (-6)
saslauthd[19326]: do_auth : auth failure: [user=userpart] [service=imap] [realm=domain.com] [mech=ldap] [reason=Unknown]
I thought that it was an issue with how cyrus passes the values to
saslauthd, but actually it depends on how saslauthd treats the values it
receives.
So the -r parameter was just right:
"Combine the realm with the login (with an '@' sign in between). e.g.
login: "foo" realm: "bar" will get passed as login: "foo@bar". Note
that the realm will still be passed, which may lead to unexpected
behaviour."
Thanks!
Kind regards
Marten
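
The following is an added example, not part of the original message: a small log check that flags saslauthd failures showing the symptom described above (a realm is present but the looked-up user has no '@' part) and shows the login that the quoted -r description would produce. The function names are hypothetical and the sample lines are constructed in the format of the log excerpt in the message.

```python
import re

# Constructed sample lines, modelled on the do_auth line quoted in the message.
SAMPLE_LOG = """\
saslauthd[19326]: do_auth : auth failure: [user=userpart] [service=imap] [realm=domain.com] [mech=ldap] [reason=Unknown]
saslauthd[19327]: do_auth : auth failure: [user=other@domain.com] [service=imap] [realm=domain.com] [mech=ldap] [reason=Unknown]
saslauthd[19328]: do_auth : auth failure: [user=localuser] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
"""

FAILURE = re.compile(r"do_auth\s*: auth failure:(?P<fields>.*)$")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def parse_failure(line):
    """Return the [key=value] fields of a do_auth failure line, or None."""
    match = FAILURE.search(line)
    if match is None:
        return None
    return dict(FIELD.findall(match.group("fields")))


def combined_login(user, realm):
    """Login as the quoted -r text describes it: user, '@', realm."""
    return f"{user}@{realm}" if realm else user


def realm_split_failures(log_text):
    """List failures where a realm was passed but the user lacks an '@' part."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_failure(line)
        if fields is None:
            continue
        user, realm = fields.get("user", ""), fields.get("realm", "")
        if realm and "@" not in user:
            hits.append({
                "user": user,
                "realm": realm,
                "service": fields.get("service", ""),
                "login_with_r": combined_login(user, realm),
            })
    return hits


if __name__ == "__main__":
    for hit in realm_split_failures(SAMPLE_LOG):
        print(f"{hit['service']}: looked up {hit['user']!r}, "
              f"-r would pass {hit['login_with_r']!r}")
```

A hit only means the lookup was done on the bare user part; whether the directory entry actually matches the combined login still depends on the LDAP filter in use.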