Thank you.
Yes, the credentials are stored in AD.
I saw this documentation, http://ltb-project.org/wiki/documentation/general/sasl_delegation
Helped me very much, but I think there are some wrong in my saslauth.conf, because when I put the AD server and ldap_filter = (sAMAccountName=%u is Ok Success SASL, " but when I put my localhost like this:
ldap_servers: ldaps://127.0.0.1 #or ldap://localhost #ldap_servers: ldaps://1.1.2.1 ldap_version: 3 ldap_auth_method: bind ldap_search_base: cn=users,dc=foobar,dc=br #ldap_filter: (sAMAccountname=%u) #ldap_filter: (userPrincipalName=%u) ldap_filter: uid=%u ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br #or cn=admin,dc=foobar ldap_password: abc@123 ldap_deref: never ldap_restart: yes ldap_scope: sub ldap_use_sasl: no ldap_start_tls: no ldap_timeout: 10
testsaslauthd -u usertst -p password
NO "authentication failed"
See the log:
Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 ACCEPT from IP=127.0.0.1:50194 (IP=0.0.0.0:636) Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 TLS established tls_ssf=256 ssf=256 Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND dn="cn=vmail,cn=users,dc=foobar,dc=br" method=128 Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND dn="cn=vmail,cn=users,dc=foobar,dc=br" mech=SIMPLE ssf=0 Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 RESULT tag=97 err=0 text= Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH base="cn=users,dc=foobar,dc=br" scope=2 deref=0 filter="(uid=usertst)" Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH attr=dn Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
What can I do to fix this?
Willy R.M
Clément OUDOT wrote:
2013/11/19 Jason Brandt jbrandt@fsmail.bradley.edu:
You are trying to authenticate through the credentials stored in your active directory servers, not the passwords stored in LDAP, correct? If that is the case, then the easiest means to accomplish that are to use SASL for authentication.
Or he could just read up on slapo-pbind.
You can check this how-to: http://ltb-project.org/wiki/documentation/general/sasl_delegation
Clément.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/