Hi,
I am trying to get Pass-Through authentication to work for password
verification.
Following the 'Pass-Through authentication' (14.5) in the openldap 2.4
admin guide, I hve configured saslauthd and slapd.conf (sasl) and
managed to successfully authenticate with Active Directory (AD) using
the 'testsaslauthd' utility.
Setting a user password in my openldap database in the form
dn: uid=user,ou=org,dc=org.com
userPassword: {SASL}joe@ad.example.com
where joe@ad.example.com is the userPrincipalName defined for this
user in AD.
I can't authenticate, when using the ldapsearch command
$ ldapsearch -x -v -D 'uid=joe,ou=people,dc=myorg.com' -W -h ldaphost
Comes up with error (49)
I have enabled --enable-spasswd --with-cyrus-sasl when compiling openldap
Has anybody configured this type of setup successfully?
My question is - how do I configure my openldap server to talk to
'saslauthd' - which openldap's passthrough delegates password
authentication to, when the userpassword is in the form
userPassword: {SASL}joe@ad.example.com
Do I need to have some extra configurations in my openldap slapd.conf
file? Currently I only have sasl-host and sasl-secprops defined, as:-
sasl-host 127.0.0.1 # (where my openldap server runs as well)
sasl-secprops none
Do I need to do any auth-regex for any translation?
This is my openldap entry for user joe
dn: uid=joe,ou=people,dc=myorg.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Joe
sn: Bloggs
telephoneNumber: 3333
userPassword: {SASL}joe@ad.example.com
physicalDeliveryOfficeName: J2B/1
givenName: joe
uid: joe
Below is my /usr/lib/sasl2/slapd.conf file
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
Below is my /etc/saslauthd.conf file
ldap_servers: ldap://ad.example.com:389
ldap_search_base: ou=People,dc=ad,dc=example,dc=com
ldap_filter: (userPrincipalName=%u)
ldap_bind_dn: cn=admin,cn=Users,dc=ad,dc=example,dc=com
ldap_password: mypassword
Any help will be greatly appreciated.
Many Thanks
krishan