[prev in list] [next in list] [prev in thread] [next in thread] 

List:       info-cyrus
Subject:    Re: sasl authentication problems
From:       Fred Blaise <chapeaurouge () gmail ! com>
Date:       2005-08-26 7:13:43
Message-ID: 9cfa15020508260013142d8c00 () mail ! gmail ! com
[Download RAW message or body]

On 8/24/05, Igor Brezac <igor@ipass.net> wrote:
> 
> On Wed, 24 Aug 2005, Fred Blaise wrote:
> 
> > On 8/24/05, Etienne Goyer <etienne.goyer@videotron.ca> wrote:
> >> Fred Blaise wrote:
> >>> I am trying to fix the cyrus SASL authentication against openLDAP, I guess.
> >>>
> >>> When I run that, here is the error:
> >>> --------------------------------------------
> >>> OX1:~# ldapsearch -D "cn=manager,dc=ilr,dc=lu" -h ldapsmb-pdc.ilr.lu
> >>> -b "dc=ilr,dc=lu" "(uid=sp)"
> >>> SASL/DIGEST-MD5 authentication started
> >>> Please enter your password:
> >>> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> >>>        additional info: SASL(-13): user not found: no secret in database
> >>
> >> You would need to use simple bind to authenticate using the userPassword
> >> attribute; try "ldapsearch -W -x -D..." instead.  If you worry about
> >> sending password cleartext, consider using SSL/TLS.
> > I am running TLS.. an ldapsearch -ZZ works fine with the -x simple bind.
> > However, cyrus -> saslauthd (PAM) -> pam_ldap requires an SASL
> > authentication on the ldap server, am I right?
> 
> If you are going setup sasl in openldap, I suggest you use ldapdb
> auxprop module, otherwise you can use built-in ldap support in saslauthd.
I have used the saslauthd -a ldap method, and it works like a charm :)

Thanks a lot.
> 
> --
> Igor
fred
>
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[prev in list] [next in list] [prev in thread] [next in thread]