From: Vittorio Manfredini (no email)
Date: Wed May 18 2005 - 12:55:11 EDT
Now I have put this in /etc/openldap/slapd.conf:
sasl-regexp
uid=(.*),cn=DIGEST-MD5,cn=auth
ldap:///ou=People,dc=domain,dc=com??sub?uid=$1
and saslAuthzTo (from uid=cyrus,ou=People,dc=domain,dc=com)
and when I execute
ldapsearch -U cyrus -X u:vittorio -Y DIGEST-MD5 -s base -b
uid=vittorio,cn=www.domain.com,cn=DIGEST-MD5,cn=auth
the log is:
May 18 18:45:27 www slapd[6353]: <== slap_sasl_bind: rc=0
May 18 18:45:27 www slapd[6353]: do_bind: SASL/DIGEST-MD5 bind:
dn="uid=vittorio,ou=people,dc=domain,dc=com" ssf=128
May 18 18:45:27 www slapd[6353]: do_search
May 18 18:45:27 www slapd[6353]: >>> dnPrettyNormal:
<uid=vittorio,cn=www.domain.com,cn=DIGEST-MD5,cn=auth>
May 18 18:45:27 www slapd[6353]: <<< dnPrettyNormal:
<uid=vittorio,cn=www.domain.com,cn=DIGEST-MD5,cn=auth>,
<uid=vittorio,cn=www.domain.com,cn=digest-md5,cn=auth>
May 18 18:45:27 www slapd[6353]: SRCH
"uid=vittorio,cn=www.domain.com,cn=DIGEST-MD5,cn=auth" 0 0
May 18 18:45:27 www slapd[6353]: 0 0 0
May 18 18:45:27 www slapd[6353]: filter: (objectClass=*)
May 18 18:45:27 www slapd[6353]: attrs:
May 18 18:45:27 www slapd[6353]:
May 18 18:45:27 www slapd[6353]: send_ldap_result: conn=9 op=2 p=3
May 18 18:45:27 www slapd[6353]: send_ldap_result: err=10 matched="" text=""
May 18 18:45:27 www slapd[6353]: send_ldap_response: msgid=3 tag=101 err=32
May 18 18:45:27 www slapd[6353]: connection_get(19)
May 18 18:45:27 www slapd[6353]: connection_get(19): got connid=9
May 18 18:45:27 www slapd[6353]: connection_read(19): checking for
input on id=9
May 18 18:45:27 www slapd[6353]: ber_get_next on fd 19 failed errno=0
(Success)
May 18 18:45:27 www slapd[6353]: connection_read(19): input error=-2
id=9, closing.
May 18 18:45:27 www slapd[6353]: connection_closing: readying conn=9
sd=19 for close
May 18 18:45:27 www slapd[6353]: connection_close: deferring conn=9 sd=19
May 18 18:45:27 www slapd[6353]: do_unbind
May 18 18:45:27 www slapd[6353]: connection_resched: attempting closing
conn=9 sd=19
May 18 18:45:27 www slapd[6353]: connection_close: conn=9 sd=19
What's wrong now?
Sorry, I'm not an LDAP expert...
--
Vittorio Manfredini
Senior Technical Consultant
----- Message from ---------
Date: Wed, 18 May 2005 11:14:05 -0400 (EDT)
From: Igor Brezac <>
Reply-To: Igor Brezac <>
Subject: Re: Configuring ldapdb
To:
>
>
> On Wed, 18 May 2005, Howard Chu wrote:
>
>> Vittorio Manfredini wrote:
>>> I have some problem configuring ldapdb.
>>>
>>> I use the latest sasl distribution 2.1.21.
>>
>>> pop.conf (/usr/lib/sasl2) :
>>> pwcheck_method: auxprop
>>> auxprop_plugin: ldapdb
>>> ldapdb_uri: ldap://localhost
>>> ldapdb_id: cyrus
>>> ldapdb_pw: fosbugli
>>> ldapdb_mech: DIGEST-MD5
>>
>
> This needs to be Cyrus.conf or you can put these in imapd.conf, but
> you need to prepend sasl_ to each parameter.
>
>>> This is the result of ldapwhoami :
>>> www:/var/log # ldapwhoami -U cyrus -Y DIGEST-MD5 -X u:vittorio -D
>>> "uid=cyrus,ou=People,dc=domain,dc=com" -H ldap://localhost
>>> SASL/DIGEST-MD5 authentication started
>>> Please enter your password:
>>> SASL username: u:vittorio
>>> SASL SSF: 128
>>> SASL installing layers
>>> dn:uid=vittorio,cn=www.domain.com,cn=digest-md5,cn=auth
>>
>> The ldapwhoami command talks directly to slapd. This demonstrates
>> that your slapd configuration is working properly with SASL, and
>> that your SASL proxy authorization config in slapd is correct.
>
> I am not so sure that this part is working correctly. The resulting
> dn does not seem to exist in your database and auxprop properties
> (userPassword) cannot be retrieved.
>
>>> But if I try to do this command :
>>> telnet www.vitsoft.bz 110
>>> Trying IP...
>>> Connected to www.domain.com.
>>> Escape character is '^]'.
>>> +OK www.domain.com Cyrus POP3 v2.2.12 server ready
>>> <>
>>> user vittorio
>>> +OK Name is a valid mailbox
>>> pass urcojida
>>> -ERR [AUTH] Invalid login
>>>
>
> I'd use the sample client and server (included with the cyrus-sasl source
> distro) for the plugin debug. Once you get this working you can try
> cyrus imapd. You might want to use imtest or pop3test.
>
>>> and in the log I have :
>>> May 18 11:59:28 www pop3[21318]: executed
>>> May 18 11:59:28 www pop3[21318]: accepted connection
>>> May 18 11:59:37 www slapd[27020]: conn=17 fd=13 ACCEPT from
>>> IP=127.0.0.1:36794 (IP=0.0.0.0:389)
>>> May 18 11:59:37 www pop3[21318]: badlogin: www.domain.com
>>> [192.168.2.11] plaintext vittorio SASL(-13): user not found:
>>> checkpass failed
>>> May 18 11:59:37 www slapd[27020]: conn=17 fd=13 closed
>>
>> Since the slapd configuration is correct, there must be some problem
>> with your popd configuration. You should examine the slapd debug
>> logs generated during a POP3 authentication attempt.
>>
>>> When ldap is starting I find these lines in the log:
>>> May 18 12:05:27 www slapd[6273]: @(#) $OpenLDAP: slapd 2.2.15 (Jan
>>> 26 2005 16:34:33) $
>>> abuild at fix:/usr/src/packages/BUILD/openldap-2.2.15/servers/slapd
>>> May 18 12:05:27 www slapd[6273]: auxpropfunc error invalid
>>> parameter supplied
>>> May 18 12:05:27 www slapd[6273]: _sasl_plugin_load failed on
>>> sasl_auxprop_plug_init for plugin: ldapdb
>>> May 18 12:05:27 www slapd[6273]: bdb_initialize: Sleepycat
>>> Software: Berkeley DB 4.2.52: (October 5, 2004)
>>> May 18 12:05:27 www slapd[6273]: bdb_db_init: Initializing bdb database
>>> May 18 12:05:27 www slapd[6278]: slapd starting
>>
>> This slapd error message is normal. The slapd server does not use
>> the ldapdb plugin; it uses its own built-in auxprop handler.
>>
>
> --
> Igor
>
----- End of message from -----
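The thread turns on how slapd turns a SASL identity into a DN and then rewrites it through sasl-regexp. The ldapwhoami output above shows the realm-qualified form (uid=vittorio,cn=www.domain.com,cn=digest-md5,cn=auth), while the sasl-regexp pattern in slapd.conf has no cn=<realm> component. The following Python model, added here as an illustration and not code from any of the thread's participants or from OpenLDAP, shows what filter each form produces under that pattern. THREAD_RULE is taken from the slapd.conf lines in the thread; REALM_TOLERANT_RULE is a constructed alternative for comparison. Whole-DN, case-insensitive matching is an assumption made to keep the model small; slapd.conf(5) is the reference for the real matching rules.

```python
import re

# Added example: a small model of sasl-regexp rewriting. Not OpenLDAP code.

# The rule from the thread's slapd.conf, as (pattern, replacement); these are
# the two arguments of the sasl-regexp directive.
THREAD_RULE = (
    r"uid=(.*),cn=digest-md5,cn=auth",
    "ldap:///ou=People,dc=domain,dc=com??sub?uid=$1",
)

# Constructed alternative (hypothetical, not from the thread) that tolerates an
# optional cn=<realm> component between the uid and the mechanism.
REALM_TOLERANT_RULE = (
    r"uid=([^,]+)(?:,cn=[^,]+)?,cn=digest-md5,cn=auth",
    "ldap:///ou=People,dc=domain,dc=com??sub?uid=$1",
)


def sasl_authc_dn(user, mech, realm=None):
    """Build the DN form slapd derives from a SASL identity:
    uid=<user>[,cn=<realm>],cn=<mech>,cn=auth. The cn=<realm> component is
    present only when a realm was negotiated, as in the thread's ldapwhoami
    output (cn=www.domain.com). Lower-cased like the dnPrettyNormal output."""
    parts = [f"uid={user}"]
    if realm:
        parts.append(f"cn={realm}")
    parts += [f"cn={mech}", "cn=auth"]
    return ",".join(parts).lower()


def apply_sasl_regexp(dn, rules):
    """Return the rewritten value for the first rule whose pattern matches the
    whole DN (case-insensitive), filling $1..$9 from the capture groups, or
    None when no rule matches. Whole-DN matching and case-insensitivity are
    assumptions of this model."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, dn, flags=re.IGNORECASE)
        if m is None:
            continue
        return re.sub(r"\$([1-9])",
                      lambda g: m.group(int(g.group(1))) or "",
                      replacement)
    return None


def search_filter(url):
    """Extract the filter of an LDAP URL (ldap://host/dn?attrs?scope?filter),
    i.e. what slapd would search for after the rewrite."""
    if url is None:
        return None
    _, _, query = url.partition("?")
    fields = query.split("?")          # [attrs, scope, filter]
    return fields[2] if len(fields) > 2 else None


if __name__ == "__main__":
    for realm in (None, "www.domain.com"):
        dn = sasl_authc_dn("vittorio", "DIGEST-MD5", realm)
        print(dn)
        for name, rule in (("thread rule", THREAD_RULE),
                           ("realm-tolerant rule", REALM_TOLERANT_RULE)):
            url = apply_sasl_regexp(dn, [rule])
            print(f"  {name}: filter={search_filter(url)}")
```

Running it shows that the realm-qualified DN, under the thread's pattern, yields the filter uid=vittorio,cn=www.domain.com, which no entry under ou=People can satisfy; with the realm component accounted for, both DN forms map to uid=vittorio. When checking a setup like this, compare the dn= reported in the do_bind line of the slapd debug log with the entry you expect the identity to resolve to.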