No problem, if you need more config info on the SASL setup, let me know. I have used it with domain controller versions 2003 and up and it worked great.
On Wed, Nov 20, 2013 at 11:24 AM, Willy Ramos wrm@cdtn.br wrote:
On 20/11/2013 14:33, Clément OUDOT wrote:
2013/11/20 Willy Ramos wrm@cdtn.br:
On 20/11/2013 10:26, Clément OUDOT wrote:
2013/11/20 wrm@cdtn.br:
Thank you.
Yes, the credentials are stored in AD.
I saw this documentation, http://ltb-project.org/wiki/documentation/general/sasl_delegation
It helped me very much, but I think there is something wrong in my saslauthd.conf, because when I put the AD server and ldap_filter: (sAMAccountName=%u) it is OK ("Success SASL"), but when I put my localhost like this:
ldap_servers: ldaps://127.0.0.1 #or ldap://localhost
#ldap_servers: ldaps://1.1.2.1
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
#ldap_filter: (sAMAccountname=%u)
#ldap_filter: (userPrincipalName=%u)
ldap_filter: uid=%u
ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br #or cn=admin,dc=foobar
ldap_password: abc@123
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_timeout: 10
testsaslauthd -u usertst -p password
NO "authentication failed"
See the log:
Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 ACCEPT from IP=127.0.0.1:50194 (IP=0.0.0.0:636)
Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 TLS established tls_ssf=256 ssf=256
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND dn="cn=vmail,cn=users,dc=foobar,dc=br" method=128
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND dn="cn=vmail,cn=users,dc=foobar,dc=br" mech=SIMPLE ssf=0
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 RESULT tag=97 err=0 text=
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH base="cn=users,dc=foobar,dc=br" scope=2 deref=0 filter="(uid=usertst)"
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH attr=dn
Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
What can I do to fix this?
The log says that the entry is not found (nentries=0), either because it does not exist, or because you can't read it (ACL).
But why are you using localhost behind your SASL pass-through? It seems like you are doing a loop on your LDAP server.
Clément.
That is a problem, because it doesn't find the base, but when I'm using ldapsearch my search is accepted, very strange.
Like this example: ldapsearch -x -H ldaps://localhost -b dc=foobar,dc=com -D cn=usertst,cn=users,dc=foobar,dc=com -w password
I see all objects in the database when I run this command.
If you have another idea please tell me, I was just following that link on ltb-project.org, which tells me to use localhost for SASL.
It seems you don't really understand how it works. OpenLDAP talks to saslauthd on localhost, then saslauthd talks to AD. So don't configure localhost in saslauthd, just set your AD settings in saslauthd.conf.
Clément.
All right, thanks for your help. But I had tried this way before and the users weren't authenticated then either, the passwords weren't accepted. That is why I tried another way.
But I can try this way again; if it works I will tell you.
-- Att.
Willy R. M CDTN/System Software
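Clément's point above is that the chain is slapd -> saslauthd -> AD, so a saslauthd.conf whose ldap_servers is the local slapd sends the lookup back into the server that delegated it, and a filter on uid will not match an AD account that the other filters in the thread (sAMAccountName, userPrincipalName) would. The following lint script is an added example, not code from this thread or from the LTB project: it parses a saslauthd.conf in the key: value form used above, flags a loopback ldap_servers and a non-AD login attribute in ldap_filter, and compares Willy's posted config (embedded as constructed input) with a corrected one that points at a placeholder domain controller, dc1.ad.example.invalid, with a placeholder bind password. The end-to-end check stays the one already used in the thread, testsaslauthd -u usertst -p password.

```python
"""Lint a saslauthd.conf for the slapd -> saslauthd -> AD pass-through setup.

Added example (not from the thread or the LTB project). Two checks from the
discussion: ldap_servers must not be the local slapd that delegates to
saslauthd (a loop), and ldap_filter must use an attribute AD logins are
normally matched on (sAMAccountName or userPrincipalName), not uid.
"""
import re

# Hosts meaning "the slapd on this box" - a loop when slapd delegates to saslauthd.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Attributes an AD account is normally looked up by (lowercased for comparison).
AD_LOGIN_ATTRS = {"samaccountname", "userprincipalname"}

# Constructed input: the config posted in the thread, one directive per line.
LOOPED_CONF = """\
ldap_servers: ldaps://127.0.0.1 #or ldap://localhost
#ldap_servers: ldaps://1.1.2.1
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
ldap_filter: uid=%u
ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br #or cn=admin,dc=foobar
ldap_password: abc@123
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
"""

# Constructed input: same service account, but saslauthd now points at AD.
# dc1.ad.example.invalid and the password value are placeholders.
AD_CONF = """\
ldap_servers: ldaps://dc1.ad.example.invalid
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br
ldap_password: SERVICE-ACCOUNT-PASSWORD-PLACEHOLDER
ldap_scope: sub
"""


def parse_saslauthd_conf(text):
    """Parse 'key: value' lines; '#' starts a comment, trailing ones included."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf


def lint_saslauthd_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_saslauthd_conf(text)
    findings = []
    servers = conf.get("ldap_servers", "").split()
    for url in servers:
        m = re.match(r"ldaps?://([^:/]+)", url)
        host = m.group(1).lower() if m else url.lower()
        if host in LOOPBACK:
            findings.append(
                f"ldap_servers points at {url}: saslauthd would query the local slapd "
                "that delegates to it (loop); point it at the AD domain controller")
    flt = conf.get("ldap_filter", "")
    m = re.match(r"\(?\s*([A-Za-z0-9]+)\s*=", flt)
    attr = m.group(1).lower() if m else ""
    if attr not in AD_LOGIN_ATTRS:
        findings.append(
            f"ldap_filter {flt!r} does not match on an AD login attribute "
            "(sAMAccountName or userPrincipalName)")
    if "%u" not in flt:
        findings.append("ldap_filter has no %u placeholder, so it does not depend on the user")
    plain = any(u.lower().startswith("ldap://") for u in servers)
    if plain and conf.get("ldap_start_tls", "no").lower() != "yes":
        findings.append("bind password would cross the network in clear: use ldaps:// or ldap_start_tls: yes")
    return findings


if __name__ == "__main__":
    for name, conf in (("looped (as posted)", LOOPED_CONF), ("pointed at AD", AD_CONF)):
        print(f"== {name} ==")
        for f in lint_saslauthd_conf(conf) or ["no findings"]:
            print(" -", f)
```

Run it against a real file with `lint_saslauthd_conf(open("/etc/saslauthd.conf").read())`; a clean result only means the two misconfigurations from the thread are absent, the bind DN, password and search base still have to be verified with testsaslauthd.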