On 04/02/2025 at 19:35, Dino Edwards wrote:
Hi,
Trying to get pass-through authentication working however, I'm running to the following error in OpenLDAP:
openldap | 679ceede.3aa31e0a 0x7f2ff617e6c0 conn=1004 op=1 SRCH attr=uid mail displayName
openldap | 679ceede.3aa4b816 0x7f2ff617e6c0 conn=1004 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000019 etime=0.000172 nentries=1 text=
openldap | 679ceede.3aaafd88 0x7f2ff597d6c0 conn=1005 fd=14 ACCEPT from IP=172.16.32.1:47082 (IP=0.0.0.0:1389)
openldap | 679ceede.3aab8f34 0x7f2ff597d6c0 conn=1005 op=0 BIND dn="cn=username@domain.tld,ou=users,dc=domain,dc=local" method=128
openldap | 679ceede.3aac9267 0x7f2ff597d6c0 SASL [conn=1005] Failure: cannot connect to saslauthd server: No such file or directory
openldap | 679ceede.3aad25b9 0x7f2ff597d6c0 conn=1005 op=0 RESULT tag=97 err=49 qtime=0.000005 etime=0.000120 text=
openldap | 679ceede.3ab0191f 0x7f2ff617e6c0 conn=1005 fd=14 closed (connection lost)
openldap | 679ceede.3ab3d76a 0x7f2ff597d6c0 conn=1004 fd=13 closed (connection lost)
I followed the admin docs at:
https://www.openldap.org/doc/admin26/guide.html#Pass-Through%20authentication
Here's what I did:
Created /usr/lib/sasl2/slapd.conf with the following content:
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/sasl2/mux
Created /etc/saslauthd.conf with the following content:
ldap_servers: ldap://192.168.xxx.xxx.xxx
ldap_search_base: OU=Users,DC=domain,DC=tld
ldap_filter: (uid=%u)
ldap_bind_dn: CN=saslauthd,CN=Users,DC=domain,DC=tld
ldap_password: somepassword
Added a user that already exists in domain.tld in openldap with the following password:
{SASL}username@domain.tld
I would appreciate some help on this.
Thanks
Did you configure olcSaslHost and olcSaslSecprops?
You can look at this documentation we wrote for LDAP Tool Box project: https://ltb-project.org/documentation/sasl_delegation.html
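An added diagnostic for the "cannot connect to saslauthd server: No such file or directory" failure in the quoted log (example script, not code from either poster or from the LTB project). It assumes the slapd SASL config is at /usr/lib/sasl2/slapd.conf as in the post, that the user and realm follow the {SASL}username@domain.tld form from the guide, and that it is run on the host or in the container where slapd itself runs, because the mux socket must be visible from there.

```shell
#!/bin/sh
# Pass-through auth check: slapd -> saslauthd_path socket -> saslauthd -> LDAP bind.

# Print the saslauthd_path value from a slapd.conf-style SASL config.
# Returns 1 (and prints nothing) if the directive is absent.
sasl_mux_path() {
    path=$(sed -n 's/^[[:space:]]*saslauthd_path:[[:space:]]*//p' "$1" | tail -n 1)
    [ -n "$path" ] || return 1
    printf '%s\n' "$path"
}

# Return 0 only if the path exists AND is a unix socket; a missing or
# non-socket path is what slapd reports as "No such file or directory".
check_sasl_mux() {
    [ -S "$1" ]
}

# End-to-end check. Arguments: conf user realm password bind-dn ldap-uri
# (all assumed values; substitute your own).
run_checks() {
    conf="$1"; user="$2"; realm="$3"; pass="$4"; binddn="$5"; uri="$6"
    mux=$(sasl_mux_path "$conf") || { echo "no saslauthd_path in $conf"; return 1; }
    if ! check_sasl_mux "$mux"; then
        echo "saslauthd socket $mux is not reachable from where slapd runs"
        return 1
    fi
    # testsaslauthd ships with cyrus-sasl; -s slapd matches the service
    # name slapd uses when it talks to saslauthd, -r is the realm after '@'.
    testsaslauthd -u "$user" -r "$realm" -p "$pass" -s slapd -f "$mux" || return 1
    # Last hop: a plain simple bind against slapd on the {SASL} account.
    ldapwhoami -x -H "$uri" -D "$binddn" -w "$pass"
}

# Usage (assumed values):
# run_checks /usr/lib/sasl2/slapd.conf username domain.tld 'secret' \
#   "cn=username@domain.tld,ou=users,dc=domain,dc=local" ldap://127.0.0.1:1389
```

The first failing hop tells you which layer to fix: socket path mismatch between slapd.conf and the running saslauthd, the saslauthd-to-AD lookup, or the slapd-side mapping.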