Re: saslauthd authentication problem

[Paul Wolstenholme]

On 3-Sep-04, at 11:29 AM, Igor Brezac wrote:

On Fri, 3 Sep 2004, Paul Wolstenholme wrote:

I have saslauthd configured to use ldap. The uid have an "@". Authentication works using testsaslauthd:

Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=0 BIND dn="cn=Administrator,o=shoutout" method=128
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=0 BIND dn="cn=Administrator,o=shoutout" mech=SIMPLE ssf=0
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=0 RESULT tag=97 err=0 text=
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=1 SRCH base="o=shoutout" scope=2 filter="([EMAIL PROTECTED])"
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=1 SRCH attr=dn
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=2 BIND anonymous mech=implicit ssf=0
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=2 BIND dn="[EMAIL PROTECTED],ou=users,ispmanDomain=shoutout.ca,o=shoutout" method=128
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=2 BIND dn="[EMAIL PROTECTED],ou=users,ispmanDomain=shoutout.ca,o=shoutout" mech=SIMPLE ssf=0
Sep 3 10:38:36 localhost slapd[1248]: conn=118 op=2 RESULT tag=97 err=0 text=

However, authentication failds whenusing imtest:
imtest -u '[EMAIL PROTECTED]' localhost

Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=3 BIND anonymous mech=implicit ssf=0
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=3 BIND dn="cn=Administrator,o=shoutout" method=128
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=3 BIND dn="cn=Administrator,o=shoutout" mech=SIMPLE ssf=0
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=3 RESULT tag=97 err=0 text=
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=4 SRCH base="o=shoutout" scope=2 filter="(uid=wolstena)"
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=4 SRCH attr=dn
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=5 BIND anonymous mech=implicit ssf=0
Sep 3 10:37:12 localhost slapd[1248]: conn=87 op=5 BIND dn="ispmanClientId=1,ispmanResellerId=2,ou=ispman,o=shoutout" method=128

I thought I may need a ldap_filter in my imapd.conf file:
ldap_filter: (uid=%u)

Your defaultdomain in imapd.conf must be shoutout.ca. If this is the case, cyrus imap will drop the domain portion.

In saslauthd.conf do:
ldap_filter: ([EMAIL PROTECTED])
ldap_default_realm: shoutout.ca

Thanks you, that did the trick.

--
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html