7:24 a.m.
I seem quite stuck on getting the first step of setting up mail authentication.
I have a running directory and Cyrus-SASL installed, but I can't get the two to
communicate properly.
For now I think anonymous access is fine as they are on the same server.
I tried ldapsearch, but it seems to fail quite basicly:
[root@langham ~]# ldapsearch -D "cn=admin" -w fidelio77 -b
"fashioncontent.com" cn=hvendelbo
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
[root@langham ~]# ldapsearch -X -Y
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
As I understand the message I need to configure some protocol on the server, but I have no
idea where or how??
Henrik
8:46 a.m.
I seem quite stuck on getting the first step of setting up
mail authentication.
I have a running directory and Cyrus-SASL installed, but I
can't get the two to communicate properly.
For now I think anonymous access is fine as they are on the
same server.
I tried ldapsearch, but it seems to fail quite basicly:
[root@langham ~]# ldapsearch -D "cn=admin" -w fidelio77 -b
"fashioncontent.com" cn=hvendelbo SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
[root@langham ~]# ldapsearch -X -Y
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
As I understand the message I need to configure some protocol
on the server, but I have no idea where or how??
It looks like you're using the OpenLDAP version of ldapsearch and don't
have SAASL auth set up on the server.
You can either pass the "-x" switch to ldapsearch to use plaintext auth,
ot use the ldapsearch that comes with the directory server (probably in
/opt/fedora-ds/shared/bin).
8:51 a.m.
I have cyrus-sasl installed and configured so I tried testsaslauthd which
failed so I tried ldapsearch.
Should I remove OpenLDAP, I thought sasl used the LDAP client.
Henrik
----- Original Message -----
From: "Morris, Patrick" <patrick.morris(a)hp.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Sent: Sunday, September 17, 2006 2:46 PM
Subject: RE: [Fedora-directory-users] How to make anonymous SASL work?
> I seem quite stuck on getting the first step of setting up
> mail authentication.
>
> I have a running directory and Cyrus-SASL installed, but I
> can't get the two to communicate properly.
>
> For now I think anonymous access is fine as they are on the
> same server.
>
> I tried ldapsearch, but it seems to fail quite basicly:
>
> [root@langham ~]# ldapsearch -D "cn=admin" -w fidelio77 -b
> "fashioncontent.com" cn=hvendelbo SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
> [root@langham ~]# ldapsearch -X -Y
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
> As I understand the message I need to configure some protocol
> on the server, but I have no idea where or how??
It looks like you're using the OpenLDAP version of ldapsearch and don't
have SAASL auth set up on the server.
You can either pass the "-x" switch to ldapsearch to use plaintext auth,
ot use the ldapsearch that comes with the directory server (probably in
/opt/fedora-ds/shared/bin).
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
9:20 a.m.
> As I understand the message I need to configure some protocol
> on the server, but I have no idea where or how??
It looks like you're using the OpenLDAP version of ldapsearch and don't
have SAASL auth set up on the server.
Yes, but how do I set up SASL auth. What doc describes it in less than 100
pages.
Also, why shouldnt the OpenLDAP client be able to talk to Fedora DS ?
You can either pass the "-x" switch to ldapsearch to use plaintext auth,
ot use the ldapsearch that comes with the directory server (probably in
/opt/fedora-ds/shared/bin).
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
10:53 a.m.
devel - Fashion Content wrote:
>> As I understand the message I need to configure some
protocol
>> on the server, but I have no idea where or how??
>
>
> It looks like you're using the OpenLDAP version of ldapsearch and don't
> have SAASL auth set up on the server.
Yes, but how do I set up SASL auth. What doc describes it in less than
100 pages.
Also, why shouldnt the OpenLDAP client be able to talk to Fedora DS ?
It is - see
below
>
> You can either pass the "-x" switch to ldapsearch to use plaintext auth,
> ot use the ldapsearch that comes with the directory server (probably in
> /opt/fedora-ds/shared/bin).
/usr/bin/ldapsearch -x -D "bind dn" -w
bindpassword .....
ldapsearch by default will attempt a SASL bind, using the best mechanism
available. To disable this behavior, and force the openldap command
line tools to use SIMPLE binddn/password auth, you have to specify the
-x argument.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
2:42 p.m.
>
> You can either pass the "-x" switch to ldapsearch to use plaintext auth,
> ot use the ldapsearch that comes with the directory server (probably in
> /opt/fedora-ds/shared/bin).
/usr/bin/ldapsearch -x -D "bind dn" -w
bindpassword .....
ldapsearch by default will attempt a SASL bind, using the best mechanism
available. To disable this behavior, and force the openldap command
line tools to use SIMPLE binddn/password auth, you have to specify the
-x argument.
>
Ok tried that and it seemed to work except I can't get it to return any data
(I have 3 users defined) when I use the
ldapsearch which comes with fedora-ds. The OpenLDAP ldapsearch works as
expected.
testsaslauthd still doesn't work though. I must admit it seems a bit
worrying that a vanilla mailserver setup is this hard.
Am I the only one that would use Fedora DS for authenticating IMAP users?
Henrik
6:19 p.m.
devel - Fashion Content wrote:
>>
>> You can either pass the "-x" switch to ldapsearch to use plaintext
>> auth,
>> ot use the ldapsearch that comes with the directory server (probably in
>> /opt/fedora-ds/shared/bin).
/usr/bin/ldapsearch -x -D "bind dn" -w bindpassword .....
ldapsearch by default will attempt a SASL bind, using the best mechanism
available. To disable this behavior, and force the openldap command
line tools to use SIMPLE binddn/password auth, you have to specify the
-x argument.
>>
Ok tried that and it seemed to work except I can't get it to return
any data (I have 3 users defined) when I use the
ldapsearch which comes with fedora-ds. The OpenLDAP ldapsearch works
as expected.
Can you post the exact command lines that you used and the output you
got?
testsaslauthd still doesn't work though.
I'm not really sure what that
does. Fedora DS supports SASL - EXTERNAL
(i.e. client cert auth, if you configure the server for SSL), DIGEST-MD5
(with clear text passwords in the db), and GSSAPI (i.e. Kerberos).
I must admit it seems a bit worrying that a vanilla mailserver setup
is this hard.
Am I the only one that would use Fedora DS for authenticating IMAP users?
Henrik
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
12:19 p.m.
I have the mailserver and the directory on the same server.
I have installed OpenLDAP client & libs and cyrus sasl.
Fedora DS ldapsearch is not on the path.
The Fedora DS now stores userPasswords as plaintext.
saslauthd run with: MECH=ldap, FLAGS=-c
saslauthd.conf:
ldap_servers: ldap://127.0.0.1
ldap_search_base: ou=People,dc=fashioncontent,dc=com
ldap_bind_dn: cn=Directory Manager,dc=fashioncontent,dc=com
ldap_bind_pw: secret
ldap_filter: (&(objectClass=inetorgperson)(uid=%u))
ldap_use_sasl: no
ldap_auth_method: bind
ldap_version: 3
ldap_debug: 3
ldap_verbose: on
log_level: 255
OpenLDAP ldapsearch: Shows userPassword results hashed, but otherwise shows
the users I look up
OpenLDAP ldapsearch userPassword=secret: Success
Fedora ldapsearch: Fails to find anything
testsaslauthd -u devel -p secret: Fails to find anything, error code 32 I
think
I haven't figured out how to make saslauthd report the ldap queries, so I
know very little of what happens and the Fedora logs
don't appear to help much more.
Henrik
9:57 a.m.
devel - Fashion Content wrote:
I have the mailserver and the directory on the same server.
I have installed OpenLDAP client & libs and cyrus sasl.
Fedora DS ldapsearch is not on the path.
The Fedora DS now stores userPasswords as plaintext.
saslauthd run with: MECH=ldap, FLAGS=-c
saslauthd.conf:
ldap_servers: ldap://127.0.0.1
ldap_search_base: ou=People,dc=fashioncontent,dc=com
ldap_bind_dn: cn=Directory Manager,dc=fashioncontent,dc=com
ldap_bind_pw: secret
ldap_filter: (&(objectClass=inetorgperson)(uid=%u))
ldap_use_sasl: no
ldap_auth_method: bind
ldap_version: 3
ldap_debug: 3
ldap_verbose: on
log_level: 255
OpenLDAP ldapsearch: Shows userPassword results hashed, but otherwise
shows the users I look up
OpenLDAP ldapsearch userPassword=secret: Success
Fedora ldapsearch: Fails to find anything
testsaslauthd -u devel -p secret: Fails to find anything, error code
32 I think
It would be helpful if you could post the exact ldapsearch command line
that you used both for openldap and for fedora ds, along with the exact
output, or an excerpt of a few lines at least.
I haven't figured out how to make saslauthd report the ldap queries,
so I know very little of what happens and the Fedora logs
don't appear to help much more.
The fedora ds access log will show the tcp
socket
connection/disconnection and peer IP address, the BIND request and
result, and the SRCH request and result. If you need help interpreting
the log output, please post an excerpt to this list.
Henrik
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
9:23 a.m.
[root@langham ~]# /opt/fedora-ds/shared/bin/ldapsearch -x
/opt/fedora-ds/shared/bin/ldapsearch: error while loading shared libraries:
libssldap50.so: cannot open shared object file: No such file or directory
The libssldap50.so is present with rx access to all
----- Original Message -----
From: "Morris, Patrick" <patrick.morris(a)hp.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Sent: Sunday, September 17, 2006 2:46 PM
Subject: RE: [Fedora-directory-users] How to make anonymous SASL work?
> I seem quite stuck on getting the first step of setting up
> mail authentication.
>
> I have a running directory and Cyrus-SASL installed, but I
> can't get the two to communicate properly.
>
> For now I think anonymous access is fine as they are on the
> same server.
>
> I tried ldapsearch, but it seems to fail quite basicly:
>
> [root@langham ~]# ldapsearch -D "cn=admin" -w fidelio77 -b
> "fashioncontent.com" cn=hvendelbo SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
> [root@langham ~]# ldapsearch -X -Y
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
> As I understand the message I need to configure some protocol
> on the server, but I have no idea where or how??
It looks like you're using the OpenLDAP version of ldapsearch and don't
have SAASL auth set up on the server.
You can either pass the "-x" switch to ldapsearch to use plaintext auth,
ot use the ldapsearch that comes with the directory server (probably in
/opt/fedora-ds/shared/bin).
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
6425
days inactive
6429
days old
389-users@lists.fedoraproject.org
9 comments
3 participants
participants (3)
-
devel - Fashion Content -
Morris, Patrick -
Rich Megginson