2013/11/20 <[email protected]>: > Thank you. > > Yes, the credentials are stored in AD. > > I saw this documentation, > http://ltb-project.org/wiki/documentation/general/sasl_delegation > > Helped me very much, but I think there are some wrong in my saslauth.conf, > because when I put the AD server and ldap_filter = (sAMAccountName=%u is > Ok Success SASL, " but when I put my localhost like this: > > ldap_servers: ldaps://127.0.0.1 #or ldap://localhost > #ldap_servers: ldaps://1.1.2.1 > ldap_version: 3 > ldap_auth_method: bind > ldap_search_base: cn=users,dc=foobar,dc=br > #ldap_filter: (sAMAccountname=%u) > #ldap_filter: (userPrincipalName=%u) > ldap_filter: uid=%u > ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br #or cn=admin,dc=foobar > ldap_password: abc@123 > ldap_deref: never > ldap_restart: yes > ldap_scope: sub > ldap_use_sasl: no > ldap_start_tls: no > ldap_timeout: 10 > > > testsaslauthd -u usertst -p password > > NO "authentication failed" > > See the log: > > Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 ACCEPT from > IP=127.0.0.1:50194 (IP=0.0.0.0:636) > Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 TLS established > tls_ssf=256 ssf=256 > Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND > dn="cn=vmail,cn=users,dc=foobar,dc=br" method=128 > Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND > dn="cn=vmail,cn=users,dc=foobar,dc=br" mech=SIMPLE ssf=0 > Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 RESULT tag=97 err=0 text= > Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH > base="cn=users,dc=foobar,dc=br" scope=2 deref=0 filter="(uid=usertst)" > Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH attr=dn > Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SEARCH RESULT tag=101 > err=0 nentries=0 text= > > What can I do to fix this? >
The log says that the entry is not found (nentries=0) either because it does not exist, either because you can't read it (ACL). But what are you using localhost behind your SASL pass trough? Seems like you are doing a loop on your LDAP server. Clément.
