i am looking to get SASL binds working in Dovecot for userdb lookups, and i am not sure what i might be doing wrong.

Dovecot version - 2.2.19 running on Fedora 22. MIT Kerberos and OpenLDAP are being used.

my LDAP configs:
uris = ldap://server1.bpk2.com ldap://server2.bpk2.com
sasl_bind = yes
sasl_mech = gssapi
sasl_realm = BPK2.COM
sasl_authz_id = imap/[email protected]
base = dc=bpk2,dc=com

the above results in the below error logs:
Jan 01 13:56:58 mail auth[16747]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)
Jan 01 13:56:58 mail dovecot[16722]: auth-worker(16747): Error: LDAP: binding failed (dn (none)): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)

i am assuming the keytab, /etc/dovecot/dovecot.keytab would be used to bind to the directory, but i am not sure. the auth_krb5_keytab directive is set with the absolute path and keytab name. is there something i am missing, such as a /etc/sasl2/dovecot.conf file?

in the directory, i am mapping the Kerberos ID to LDAP user object as such:

uid=imap\/(.*).bpk2.com,cn=bpk2.com,cn=gssapi,cn=auth uid=mda,ou=processUsers,ou=Users,dc=bpk2,dc=com

if i change the sasl_authz_id to uid=mda,ou=processUsers,ou=Users,dc=bpk2,dc=com, and restart dovecot, i still get the same error.

can anyone shed light on where i am going wrong?

thanks in advance,

brendan
