From: "Scot W. Hetzel" <hetzels@westbend.net>
To: "Robin P. Blanchard"
Cc: freebsd-ports@freebsd.org
Subject: Re: cyrus / sasl / ldap woes
Date: Wed, 28 Aug 2002 23:38:27 -0500

From: "Robin P. Blanchard" on 08/19/2002
> > From: "Robin P. Blanchard" on 08/19/2002
> > >
> > >>freshly installed -STABLE with freshly installed ports:
> > >>
> > >>cyrus-imapd-2.0.16_3
> > >>cyrus-sasl-1.5.27_6
> > >>db3-3.2.9_3,1
> > >>makedepend-2000.12.28
> > >>openldap-2.0.25
> > >>
> > >>
> > >>anyone else using the combo of ports? any success with the current revs?
> > >>
> Ok...took the new/broken box and removed cyrus-imapd-2.0.16_3 and
> cyrus-sasl-1.5.27_6. pkg_tarup'ed older versions from working/production
> server. Force pkg_added them (to use new openldap-2.0.25 libs -- so,
> problem is not related to ldap rev). SASL is again talking to LDAP.
> So...when things got broken? Not sure. But it's (sasl and/or cyrus-imap)
> certainly currently broken.
>
> And now back to the real problem...Hopefully getting cyrus/sasl to auth
> against AD as opposed to openldap.
>

I finally had a chance to fully test all 3 LDAP pwcheck_methods (saslauthd,
pwcheck (pwcheck_pam), ldap) available for the cyrus-sasl port.

Using the following ports:

cyrus-imapd-2.0.16_3
cyrus-sasl-1.5.27_6
db3-3.2.9_3,1
makedepend-2000.12.28
openldap-2.0.25
pam_ldap-1.5.0

The only trouble I had was setting up the pam_ldap module to be used with the
saslauthd and pwcheck_pam daemons, as the pkg-message for the pam_ldap port
specifies to only add an "auth" line to the appropriate pam files. With
existing users (password was changed so that /etc/master.passwd != LDAP
password), using either the /etc/master.passwd or LDAP password I could login.
But it wouldn't work with a user only in LDAP. When I added the "account"
entry for pam_ldap.so, the LDAP-only user was able to log into both imap and
pop servers.

I have updated the cyrus-sasl port to install an example pam service file (see
${EXAMPLESDIR}/cyrus.pam).

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/42153

I had no problem with cyrus-imapd when configuring imapd.conf with:

sasl_pwcheck_method: ldap
sasl_ldap_server: localhost
sasl_ldap_basedn: dc=westbend,dc=net
sasl_ldap_uidattr: uid
sasl_ldap_port: 389
sasl_ldap_ssl: no
sasl_ldap_filter_mode: yes
sasl_ldap_filter: (objectClass=posixAccount)
sasl_ldap_bind_dn: cn=Manager,dc=westbend,dc=net
sasl_ldap_bind_pw: xxxxxxxx
sasl_ldap_alias_deref: n

Scot W. Hetzel

p.s. I probably could have removed a few of the sasl_ldap_* options, as they
would have used the compiled in default setting.
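The post above describes two configuration pieces that have to agree: the PAM service file that saslauthd or pwcheck_pam consults (which needs both an "auth" and an "account" line for pam_ldap.so, otherwise LDAP-only users cannot log in), and the imapd.conf sasl_pwcheck_method / sasl_ldap_* settings. The following is an added example, not code from the post or from the cyrus-sasl port, that audits both files for exactly those conditions. The pam.d-style line format, the file contents, and the function names are constructed assumptions; the imapd.conf keys are the ones listed in the post.

```python
"""Added example (not from the mailing-list post): audit a pam.d-style
service file and a Cyrus imapd.conf for the cyrus-sasl LDAP setup the
thread describes. All inputs below are constructed sample text."""

PAM_LDAP_MODULE = "pam_ldap.so"


def parse_pam(text):
    """Parse pam.d-style lines 'type control module [args]' into
    (type, control, module) tuples; blank lines and comments are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 3:
            entries.append((parts[0], parts[1], parts[2]))
    return entries


def pam_ldap_facilities(text):
    """Set of PAM facilities (auth, account, ...) that load pam_ldap.so."""
    return {t for (t, _ctl, mod) in parse_pam(text) if mod.endswith(PAM_LDAP_MODULE)}


def missing_pam_ldap_facilities(text, required=("auth", "account")):
    """Facilities from `required` with no pam_ldap.so line. The post reports
    that with only 'auth' present, users that exist only in LDAP could not
    log in; adding the 'account' line fixed it."""
    present = pam_ldap_facilities(text)
    return [f for f in required if f not in present]


def parse_imapd_conf(text):
    """Parse Cyrus imapd.conf 'key: value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(imapd_conf_text, pam_text=None):
    """Return a list of findings (strings); an empty list means consistent."""
    conf = parse_imapd_conf(imapd_conf_text)
    findings = []
    method = conf.get("sasl_pwcheck_method")
    if method in ("saslauthd", "pwcheck"):
        # These methods go through PAM, so pam_ldap must cover both facilities.
        if pam_text is None:
            findings.append("%s selected but no PAM service file supplied" % method)
        else:
            for fac in missing_pam_ldap_facilities(pam_text):
                findings.append("PAM service lacks an '%s' line for %s" % (fac, PAM_LDAP_MODULE))
    elif method == "ldap":
        # Direct LDAP binds: the bind password lives in imapd.conf, so the file
        # itself is a secret and its permissions should be restricted.
        if conf.get("sasl_ldap_bind_pw"):
            findings.append("sasl_ldap_bind_pw is stored in imapd.conf; restrict file permissions")
    else:
        findings.append("unrecognised or missing sasl_pwcheck_method: %r" % method)
    return findings


# Constructed sample inputs (hypothetical file contents).
BROKEN_PAM = """# only the 'auth' line, as the pam_ldap pkg-message suggests
auth     sufficient  /usr/local/lib/pam_ldap.so
auth     required    pam_unix.so
account  required    pam_unix.so
"""
FIXED_PAM = BROKEN_PAM + "account  sufficient  /usr/local/lib/pam_ldap.so\n"

IMAPD_SASLAUTHD = "sasl_pwcheck_method: saslauthd\n"
IMAPD_LDAP = """sasl_pwcheck_method: ldap
sasl_ldap_server: localhost
sasl_ldap_basedn: dc=example,dc=test
sasl_ldap_uidattr: uid
sasl_ldap_port: 389
sasl_ldap_ssl: no
sasl_ldap_filter_mode: yes
sasl_ldap_filter: (objectClass=posixAccount)
sasl_ldap_bind_dn: cn=Manager,dc=example,dc=test
sasl_ldap_bind_pw: PLACEHOLDER_PASSWORD
sasl_ldap_alias_deref: n
"""

if __name__ == "__main__":
    print("broken PAM:", audit(IMAPD_SASLAUTHD, BROKEN_PAM))
    print("fixed PAM: ", audit(IMAPD_SASLAUTHD, FIXED_PAM))
    print("ldap:      ", audit(IMAPD_LDAP))
```

Run against the constructed inputs, the saslauthd/pwcheck path with the auth-only PAM file reports the missing "account" line and is clean once it is added; the direct ldap path reports only that the bind password is stored in imapd.conf.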