No problem, if you need more config info on the SASL setup, let me know. I
have used it with domain controller versions 2003 and up, and it worked great.
On Wed, Nov 20, 2013 at 11:24 AM, Willy Ramos <wrm(a)cdtn.br> wrote:
On 20/11/2013 14:33, Clément OUDOT wrote:
2013/11/20 Willy Ramos <wrm(a)cdtn.br>:
>
>> On 20/11/2013 10:26, Clément OUDOT wrote:
>>
>> 2013/11/20 <wrm(a)cdtn.br>:
>>>
>>>> Thank you.
>>>>
>>>> Yes, the credentials are stored in AD.
>>>>
>>>> I saw this documentation,
>>>>
>>>> http://ltb-project.org/wiki/documentation/general/sasl_delegation
>>>>
>>>> It helped me very much, but I think there is something wrong in my
>>>> saslauthd.conf,
>>>> because when I put the AD server and ldap_filter = (sAMAccountName=%u)
>>>> it is
>>>> OK ("Success SASL"), but when I put my localhost like this:
>>>>
>>>> ldap_servers: ldaps://127.0.0.1 #or ldap://localhost
>>>> #ldap_servers: ldaps://1.1.2.1
>>>> ldap_version: 3
>>>> ldap_auth_method: bind
>>>> ldap_search_base: cn=users,dc=foobar,dc=br
>>>> #ldap_filter: (sAMAccountname=%u)
>>>> #ldap_filter: (userPrincipalName=%u)
>>>> ldap_filter: uid=%u
>>>> ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br #or
>>>> cn=admin,dc=foobar
>>>> ldap_password: abc@123
>>>> ldap_deref: never
>>>> ldap_restart: yes
>>>> ldap_scope: sub
>>>> ldap_use_sasl: no
>>>> ldap_start_tls: no
>>>> ldap_timeout: 10
>>>>
>>>>
>>>> testsaslauthd -u usertst -p password
>>>>
>>>> NO "authentication failed"
>>>>
>>>> See the log:
>>>>
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 ACCEPT from
>>>> IP=127.0.0.1:50194 (IP=0.0.0.0:636)
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 TLS established
>>>> tls_ssf=256 ssf=256
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND
>>>> dn="cn=vmail,cn=users,dc=foobar,dc=br" method=128
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND
>>>> dn="cn=vmail,cn=users,dc=foobar,dc=br" mech=SIMPLE ssf=0
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 RESULT tag=97 err=0
>>>> text=
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH
>>>> base="cn=users,dc=foobar,dc=br" scope=2 deref=0
>>>> filter="(uid=usertst)"
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH attr=dn
>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SEARCH RESULT tag=101
>>>> err=0 nentries=0 text=
>>>>
>>>> What can I do to fix this?
>>>>
>>> The log says that the entry is not found (nentries=0), either because
>>> it does not exist or because you can't read it (ACL).
>>>
>>> But why are you using localhost behind your SASL pass-through? It seems
>>> like you are doing a loop on your LDAP server.
>>>
>>>
>>> Clément.
>>>
>> That is a problem, because it doesn't find the base, but when I'm using
>> ldapsearch my search is accepted, very strange.
>>
>> Like this example:
>> ldapsearch -x -H ldaps://localhost -b dc=foobar,dc=com -D
>> cn=usertst,cn=users,dc=foobar,dc=com -w password
>>
>> I see all objects in database, when I do this command.
>>
>> If you have another idea please tell me; I was just following that link on
>> ltb-project.org, which tells me to use SASL on localhost.
>>
> Seems you don't really understand how it works. OpenLDAP talks to
> saslauthd on localhost, then saslauthd talks to AD. So don't configure
> localhost in saslauthd, just set your AD settings in saslauthd.conf.
>
> Clément.
>
>
All right, thanks for your help. But I had tried this way before too, and
the users weren't authenticated; the passwords weren't accepted.
That is why I tried another way.
But I can try this way again; if it works I will tell you.
--
Att.
Willy R. M
CDTN/System Software
--
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
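As an added example (not part of the thread, and not code from the LTB project or from saslauthd), the following Python script lints a saslauthd.conf for the mistakes discussed above: ldap_servers pointing back at the local slapd instead of the domain controller, a uid= filter that cannot match a stock AD account, an unparenthesised filter, an inline "#" comment that ends up inside a value, and a plain ldap:// bind without STARTTLS. The two sample configs are constructed from the one quoted in the thread; the domain controller name dc1.foobar.br is an assumption, and the treatment of a mid-line "#" as part of the value is an assumption about saslauthd's config reader (verify against your version).

```python
"""Lint a saslauthd.conf LDAP-delegation config for the mistakes raised in the
thread: pointing saslauthd at the local slapd instead of the domain controller,
a filter that cannot match an AD account, stray inline comments, and cleartext
binds."""
import re
from urllib.parse import urlsplit

# Constructed sample: the loopback config quoted in the thread, reduced to the
# directives the checks below look at.
LOOPBACK_CONF = """\
ldap_servers: ldaps://127.0.0.1
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
ldap_filter: uid=%u
ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br #or cn=admin,dc=foobar
ldap_password: abc@123
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
"""

# Constructed sample: the same file pointed at the domain controller, as the
# thread advises. The host name dc1.foobar.br is an assumption, not from the thread.
AD_CONF = """\
ldap_servers: ldaps://dc1.foobar.br
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br
ldap_password: abc@123
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
"""

LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost", ""}
# Attributes that carry the login name on stock AD accounts. "uid" is normally
# empty there, so a uid= filter matches nothing (the nentries=0 in the log).
AD_LOGIN_ATTRS = {"samaccountname", "userprincipalname"}


def parse_saslauthd_conf(text):
    """Parse 'key: value' lines into a dict (last value wins).

    A line whose first non-blank character is '#' is a comment. A '#' later in
    the line is kept as part of the value; the assumption here is that saslauthd
    does not strip inline comments, so lint() flags them instead of dropping them.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9_-]+):\s*(.*?)\s*$", line)
        if not m:
            raise ValueError("malformed saslauthd.conf line: %r" % raw)
        conf[m.group(1).lower()] = m.group(2)
    return conf


def lint(conf):
    """Return a list of (code, message) findings for a parsed config."""
    findings = []
    start_tls = conf.get("ldap_start_tls", "no").lower() == "yes"
    for url in conf.get("ldap_servers", "").split():
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in LOOPBACK_HOSTS:
            findings.append(("loopback",
                "ldap_servers %s points at the local slapd; saslauthd must be "
                "pointed at the domain controller, not at itself" % url))
        if parts.scheme == "ldap" and not start_tls:
            findings.append(("cleartext",
                "ldap_servers %s without ldap_start_tls sends the bind "
                "password and user passwords in the clear" % url))
    filt = conf.get("ldap_filter", "")
    if filt and not (filt.startswith("(") and filt.endswith(")")):
        findings.append(("filter-parens",
            "ldap_filter %r is not a parenthesised LDAP filter" % filt))
    # Only simple (attr=%u) filters are inspected; compound filters are left alone.
    m = re.match(r"\(?\s*([A-Za-z0-9.-]+)\s*=", filt)
    if m and m.group(1).lower() not in AD_LOGIN_ATTRS:
        findings.append(("filter-attr",
            "ldap_filter matches on %s; AD accounts are found by "
            "sAMAccountName or userPrincipalName" % m.group(1)))
    for key in ("ldap_servers", "ldap_bind_dn", "ldap_password", "ldap_search_base"):
        if "#" in conf.get(key, ""):
            findings.append(("inline-comment",
                "%s contains '#': an inline comment becomes part of the value" % key))
    return findings


def lint_conf(text):
    """Parse and lint a saslauthd.conf given as text."""
    return lint(parse_saslauthd_conf(text))


if __name__ == "__main__":
    for name, text in (("loopback config", LOOPBACK_CONF), ("AD config", AD_CONF)):
        print("== %s" % name)
        for code, msg in lint_conf(text) or [("ok", "no findings")]:
            print("  [%s] %s" % (code, msg))
```

Run it against the real file after editing saslauthd.conf and before calling testsaslauthd; once it reports nothing, a failing testsaslauthd points at the domain controller side (bind DN rights, search base, or the account itself) rather than at a loop through the local slapd.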