From: Eugene Mogutov (eugene_m at inbox dot ru)
Date: Tue Mar 23 2004 - 05:39:10 EST
Hi

We are using the patched cyrus-sasl-2.1.13-ldapauxprop by Pascal Gienger.
The solution is excellent since it allows storing passwords on an LDAP
server and using CRAM-MD5 auth. The only problem is that we failed
to get the LOGIN mechanism working. Sendmail cannot authenticate the user and
the following message is logged:

    AUTH failure (LOGIN): no mechanism available (-4) SASL(-4):
    no mechanism available: checkpass failed

The sample client/server pair from the cyrus-sasl source tree works fine with
CRAM-MD5 and DIGEST-MD5 but also fails with the LOGIN and PLAIN mechs, so
it's probably not a sendmail problem.

The package is running on FreeBSD-current and was built with the following
set of configure options:

    --enable-static --enable-login --enable-auth-sasldb --with-openssl=/usr
    --with-rc4=openssl --with-saslauthd --with-ldapauxprop --with-ldap
    --disable-gssapi

The application config for sasl looks like this:

    pwcheck_method: ldapauxprop
    ldap_user: cn=manager,dc=zzzz,dc=zz
    ldap_passwd: zzzzzzzz
    ldap_hostnames: 127.0.0.1
    ldap_basedn: dc=zzzz,dc=zz
    ldap_filter: uid=%u
    ldap_verbose: yes

Tracing the sample server with FreeBSD truss while the client is trying to
authenticate using CRAM-MD5 (successfully) and LOGIN (with the "no mechanism
available" message) shows almost the same syscall sequence; at least
the request to the LDAP server seems to be successful in both cases.

Can anybody give a hint on how to get the LOGIN mechanism working with the
'ldapauxprop' variant of cyrus-sasl?

Thanks,
Eugene