7

I'm trying to get saslauthd working with openldap.

ldapsearch and every service connected to openldap works fine. sasldblistusers2 doesn't work - and ldapwhoami does not work either.

getent passwd works fine too.

sasldblistusers2 produces this log entry:

Sep 30 03:48:01 sogo sasldblistusers2: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
Sep 30 03:48:01 sogo sasldblistusers2: canonuserfunc error -7
Sep 30 03:48:01 sogo sasldblistusers2: _sasl_plugin_load failed on sasl_canonuser_init for plugin: ldapdb
Sep 30 03:48:01 sogo sasldblistusers2: DIGEST-MD5 common mech free

ldapwhoami result:

root@sogo:/root# ldapwhoami
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database

My /etc/saslauthd.conf:

ldap_servers: ldap://localhost
ldap_version: 3
ldap_auth_method: bind
ldap_search_base: dc=MY,dc=DOMAIN
ldap_scope: sub
ldap_bind_dn: cn=admin,dc=MY,dc=DOMAIN
ldap_bind_pw: LDAPPASS
ldap_filter: <uid=%u>
auxprop_plugin: ldapdb

/etc/default/saslauthd:

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"

I can't see the error. Please help.

Andreas Rehm
  • Did you ever find out what caused these error messages and how to get rid of them? The only answer so far isn't very satisfying... I'm more or less having the same issue with Postfix authenticating via saslauthd against LDAP on Debian 7 Wheezy. – Axel Beckert Sep 12 '16 at 13:12

2 Answers

1

A similar error can also happen on RHEL7/8 if the ldapdb backend is installed but not used. (Don't mix this topic.)

If you are using ldap with saslauthd, you should remove cyrus-sasl-ldap - then the error will be fixed, too.

TuxSY
0

Your saslauthd.conf config file should be included in saslauthd:

MECH_OPTIONS="/etc/saslauthd.conf"

mogyi
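An added example, not part of the answers above or of the Cyrus SASL project: a shell check over constructed copies of the question's two files that flags an empty MECH_OPTIONS, keys in saslauthd.conf outside the ldap_ namespace, and a cleartext ldap_bind_pw in a file that group or others can access. The function names, the sample files, and the premise that saslauthd's LDAP module reads only ldap_* keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: static check of the two files shown in the question.
# Assumption: saslauthd's LDAP module reads only ldap_* keys from its config.

# Value of KEY="value" in a Debian-style defaults file, read without sourcing it.
defaults_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$1" | tail -n 1
}

# Print one finding per line for the defaults file ($1) and the LDAP config ($2).
check_saslauthd() {
    mechs=$(defaults_get "$1" MECHANISMS)
    case " $mechs " in
        *" ldap "*) ;;
        *) echo "MECHANISMS does not include ldap" ;;
    esac
    [ -n "$(defaults_get "$1" MECH_OPTIONS)" ] ||
        echo "MECH_OPTIONS is empty: config path is left to the compiled-in default"
    # Keys outside the ldap_ namespace (e.g. libsasl2 options) do nothing here.
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\):.*/\1/p' "$2" | grep -v '^ldap_' |
        while read -r key; do echo "unexpected key in LDAP config: $key"; done
    # ldap_bind_pw is a cleartext credential: allow no group/other permission bits.
    if grep -q '^ldap_bind_pw:' "$2"; then
        perms=$(ls -ld "$2" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "ldap_bind_pw is stored in a file with group/other access ($perms)"
    fi
}

# Constructed sample files mirroring the question's configuration.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'START=yes' 'MECHANISMS="ldap"' 'MECH_OPTIONS=""' \
        'OPTIONS="-c -m /var/run/saslauthd"' > "$dir/default"
    printf '%s\n' 'ldap_servers: ldap://localhost' 'ldap_auth_method: bind' \
        'ldap_bind_dn: cn=admin,dc=MY,dc=DOMAIN' 'ldap_bind_pw: LDAPPASS' \
        'auxprop_plugin: ldapdb' > "$dir/saslauthd.conf"
    chmod 644 "$dir/saslauthd.conf"
    echo "$dir"
}

dir=$(make_samples) && check_saslauthd "$dir/default" "$dir/saslauthd.conf"
rm -rf "$dir"
```

Once the files pass, `testsaslauthd -u USER -p PASSWORD` exercises the running daemon directly. DIGEST-MD5 binds such as the `ldapwhoami` call in the question go through libsasl2's auxprop plugins rather than saslauthd.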