saslauthd with openldap

Marc Patermann hans.moser at
Fri Apr 19 08:06:34 EDT 2013


Paul van der Vlis schrieb (19.04.2013 11:58 Uhr):

> I am trying to get saslauthd working
While this is not IMAPd related, why don't your try a SASL list?

> to authenticate on openLDAP with
> passwords stored with a MD5 hash (base64 encoded) in the field
> UserPassword. The passwords are created with smb-ldap so I think it's
> normal that they are base64 encoded.
Is SASL auxprop ldapdb not an option for you?

> "testsaslauthd -u mailtest -p secret" gives always "authentication
> failed".  In auth.log I see always: "Bind failed".
> I've tried many options in saslauthd.conf, at the moment it's this:
> --------
> ldap_servers: ldap://
> ldap_auth_method: custom
> ldap_bind_dn: uid=admin,dc=domain,dc=local
> ldap_bind_pw: secret
> ldap_search_base: ou=Users,dc=domain,dc=local
> ldap_filter: cn=%u
> --------
what does
# ldapsearch -H ldap:// -x -D 
uid=admin,dc=domain,dc=local -w secret -B ou=Users,dc=domain,dc=local 
for you?

> I am using cyrus-sasl2 version 2.1.25.dfsg1-6 from Debian Wheezy.
> LDAP is on an old machine (Ubuntu 8.04, slapd version 2.4.7).
FYI: For a production use LDAP server it is best advice from the 
openldap developers to use the lastest version, which is 2.4.35.


More information about the Info-cyrus mailing list