No problem, if you need more config info on the SASL setup, let me know. I have used it with domain controller versions 2003 and up and it worked great.
On Wed, Nov 20, 2013 at 11:24 AM, Willy Ramos <[email protected]> wrote:
> On 20/11/2013 14:33, Clément OUDOT wrote:
>> 2013/11/20 Willy Ramos <[email protected]>:
>>> On 20/11/2013 10:26, Clément OUDOT wrote:
>>>> 2013/11/20 <[email protected]>:
>>>>> Thank you.
>>>>>
>>>>> Yes, the credentials are stored in AD.
>>>>>
>>>>> I saw this documentation,
>>>>> http://ltb-project.org/wiki/documentation/general/sasl_delegation
>>>>>
>>>>> It helped me very much, but I think there is something wrong in my
>>>>> saslauthd.conf, because when I put the AD server and
>>>>> ldap_filter: (sAMAccountName=%u) I get OK "Success." from SASL,
>>>>> but when I put my localhost like this:
>>>>>
>>>>> ldap_servers: ldaps://127.0.0.1 #or ldap://localhost
>>>>> #ldap_servers: ldaps://1.1.2.1
>>>>> ldap_version: 3
>>>>> ldap_auth_method: bind
>>>>> ldap_search_base: cn=users,dc=foobar,dc=br
>>>>> #ldap_filter: (sAMAccountname=%u)
>>>>> #ldap_filter: (userPrincipalName=%u)
>>>>> ldap_filter: uid=%u
>>>>> ldap_bind_dn: cn=vmail,cn=users,dc=foobar,dc=br #or cn=admin,dc=foobar
>>>>> ldap_password: abc@123
>>>>> ldap_deref: never
>>>>> ldap_restart: yes
>>>>> ldap_scope: sub
>>>>> ldap_use_sasl: no
>>>>> ldap_start_tls: no
>>>>> ldap_timeout: 10
>>>>>
>>>>> testsaslauthd -u usertst -p password
>>>>>
>>>>> NO "authentication failed"
>>>>>
>>>>> See the log:
>>>>>
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 ACCEPT from IP=127.0.0.1:50194 (IP=0.0.0.0:636)
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 fd=18 TLS established tls_ssf=256 ssf=256
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND dn="cn=vmail,cn=users,dc=foobar,dc=br" method=128
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 BIND dn="cn=vmail,cn=users,dc=foobar,dc=br" mech=SIMPLE ssf=0
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=0 RESULT tag=97 err=0 text=
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH base="cn=users,dc=foobar,dc=br" scope=2 deref=0 filter="(uid=usertst)"
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SRCH attr=dn
>>>>> Nov 20 09:13:23 mail slapd[12776]: conn=1139 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
>>>>>
>>>>> What can I do to fix this?
>>>>
>>>> The log says that the entry is not found (nentries=0), either because
>>>> it does not exist or because you can't read it (ACL).
>>>>
>>>> But why are you using localhost behind your SASL pass-through? It seems
>>>> like you are doing a loop on your LDAP server.
>>>>
>>>> Clément.
>>>
>>> That is a problem, because it doesn't find the base, but when I'm using
>>> ldapsearch my search is accepted, very strange.
>>>
>>> Like this example:
>>> ldapsearch -x -H ldaps://localhost -b dc=foobar,dc=com -D cn=usertst,cn=users,dc=foobar,dc=com -w password
>>>
>>> I see all objects in the database when I do this command.
>>>
>>> If you have another idea please tell me, I was just looking at that link
>>> on ltb-project.org, which tells me to use localhost in SASL.
>>
>> It seems you don't really understand how it works. OpenLDAP talks to
>> saslauthd on localhost, then saslauthd talks to AD. So don't configure
>> localhost in saslauthd, just set your AD settings in saslauthd.conf.
>>
>> Clément.
>
> All right, thanks for your help. But I had tried this way before and
> the users weren't authenticated either; the passwords weren't accepted.
> That is why I tried another way.
>
> But I can try this way again; if it works I'll tell you.
>
> --
> Regards,
>
> Willy R. M
> CDTN/System Software

--
Jason K. Brandt
Systems Administrator
Bradley University
(309) 677-2958
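As an added example (not from this thread or the LTB project), a small Python lint that parses a saslauthd.conf and flags the two problems discussed above: ldap_servers pointing back at the local slapd (the loop Clément describes) and an ldap_filter that does not use an AD attribute. The sample configs are constructed; the AD hostname is a placeholder, and treating `#` as the start of a comment is this parser's own assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape of the config posted in the thread.
BROKEN_CONF = """\
ldap_servers: ldaps://127.0.0.1 #or ldap://localhost
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
ldap_filter: uid=%u
ldap_start_tls: no
"""

# Constructed corrected config; the AD host is a placeholder.
FIXED_CONF = """\
ldap_servers: ldaps://ad.example.invalid
ldap_auth_method: bind
ldap_search_base: cn=users,dc=foobar,dc=br
ldap_filter: (sAMAccountName=%u)
"""


def parse_saslauthd_conf(text):
    """Parse 'key: value' lines; '#' starts a comment (assumption), blanks are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf


def _is_loopback(host):
    """True for localhost or any loopback IP (127.0.0.0/8, ::1)."""
    if host in (None, "", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def lint(conf):
    """Return findings for the saslauthd -> LDAP leg; empty list means clean."""
    findings = []
    for url in conf.get("ldap_servers", "").split():
        parts = urlsplit(url)
        if _is_loopback(parts.hostname):
            findings.append("loop: ldap_servers points at the local slapd, "
                            "which itself delegates to saslauthd")
        if parts.scheme == "ldap" and conf.get("ldap_start_tls", "no") != "yes":
            findings.append("cleartext: ldap:// without ldap_start_tls: yes "
                            "sends the bind password unencrypted")
    filt = conf.get("ldap_filter", "").lower()
    if "samaccountname" not in filt and "userprincipalname" not in filt:
        findings.append("filter: AD lookups match on sAMAccountName or "
                        "userPrincipalName, not uid")
    return findings
```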
