Hi,
   I am trying to get Pass-Through authentication to work for password
   verification.

   Following the 'Pass-Through authentication' (14.5) in the openldap 2.4
   admin guide, I have configured saslauthd and slapd.conf (sasl) and
   managed to successfully authenticate with Active Directory (AD) using
   the 'testsaslauthd' utility.

   Setting a user password in my openldap database in the form

   dn: uid=user,ou=org,dc=org.com
   userPassword: {sasl}[email protected]

   where [email protected] is the userPrincipalName defined for this
   user in AD.

   I can't authenticate when using the ldapsearch command

     $ ldapsearch -x -v -D 'uid=joe,ou=people,dc=myorg.com' -W -h ldaphost

     It comes up with error (49).

     I have enabled --enable-spasswd --with-cyrus-sasl when compiling openldap


     Has anybody configured this type of setup successfully?

     My question is - how do I configure my openldap server to talk to
     'saslauthd' - which openldap's passthrough delegates password
     authentication to, when the userpassword is in the form

               userPassword: {sasl}[email protected]

     Do I need to have some extra configurations in my openldap slapd.conf
     file? Currently I only have sasl-host and sasl-secprops defined, as:-

        sasl-host 127.0.0.1  # (where my openldap server runs as well)
        sasl-secprops none


     Do I need to do any auth-regex for any translation?


     This is my openldap entry for user joe

     dn: uid=joe,ou=people,dc=myorg.com
     objectclass: top
     objectclass: person
     objectclass: organizationalPerson
     objectclass: inetOrgPerson
     cn: Joe
     sn: Bloggs
     telephoneNumber: 3333
     userPassword: {sasl}[email protected]
     physicalDeliveryOfficeName: J2B/1
     givenName: joe
     uid: joe


     Below is my /usr/lib/sasl2/slapd.conf file

     mech_list: plain
     pwcheck_method: saslauthd
     saslauthd_path: /var/run/saslauthd/mux


     Below is my /etc/saslauthd.conf  file

    ldap_servers: ldap://ad.example.com:389

    ldap_search_base: ou=People,dc=ad,dc=example,dc=com
    ldap_filter: (userPrincipalName=%u)

    ldap_bind_dn: cn=admin,cn=Users,dc=ad,dc=example,dc=com
    ldap_password: mypassword


     Any help will be greatly appreciated.


     Many Thanks

     krishan
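As an added illustration (my code, not the poster's and not saslauthd's): a small Python model of how saslauthd's LDAP backend expands the ldap_filter tokens, so you can see which filter actually reaches AD for the post's `(userPrincipalName=%u)` depending on whether saslauthd receives the whole `joe@myorg.com` as the login or `joe` with a separate realm. Token meanings follow the LDAP_SASLAUTHD documentation (%u login, %U login before '@', %d domain after '@' or else the realm, %1..%9 domain labels from the TLD inward, %r realm, %s service, %% literal); the RFC 4515 escaping and the constructed identities are this example's own.

```python
"""Model of saslauthd's ldap_filter token expansion (added example, not saslauthd code).

Shows which filter reaches AD for the post's  ldap_filter: (userPrincipalName=%u)
depending on what saslauthd receives as login and realm. Sample ids are constructed.
"""
import re

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a substituted value so it cannot change the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_ldap_filter(template: str, login: str, realm: str = "",
                       service: str = "ldap") -> str:
    """Expand %u %U %d %1-%9 %r %s %% as LDAP_SASLAUTHD documents them.

    %D (the user DN) needs a directory lookup and is not modelled.
    """
    user, sep, domain = login.partition("@")
    if not sep:                 # no '@' in the login: %d falls back to the realm
        domain = realm
    labels = domain.split(".")[::-1] if domain else []  # labels[0] is the TLD

    def sub(m: re.Match) -> str:
        tok = m.group(1)
        if tok == "%":
            return "%"
        fixed = {"u": login, "U": user, "d": domain, "r": realm, "s": service}
        if tok in fixed:
            return escape_filter_value(fixed[tok])
        if tok.isdigit() and tok != "0":
            i = int(tok) - 1
            return escape_filter_value(labels[i]) if i < len(labels) else ""
        raise ValueError(f"token %{tok} not supported by this model")

    return re.sub(r"%(.)", sub, template)


if __name__ == "__main__":
    f = "(userPrincipalName=%u)"
    # Whole id as the login: the only case a UPN filter matches.
    print(expand_ldap_filter(f, "joe@myorg.com"))
    # Login and realm split: %u is bare 'joe', which a UPN filter cannot match.
    print(expand_ldap_filter(f, "joe", realm="myorg.com"))
    # %U/%d form that yields the same AD lookup in both cases.
    print(expand_ldap_filter("(&(sAMAccountName=%U)(userPrincipalName=%U@%d))", "joe", realm="myorg.com"))
```

Compare the printed filter with what `testsaslauthd -u ... -r ...` was given when the AD check succeeded; if the two differ, the bind failure is in the filter, not in the AD credentials.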
