Hello,
I'm currently trying to get Cyrus running with saslauthd and LDAP.
However, I always get the following error message:
Authentication failed for admin: Bind to ldap server failed (invalid user/password or insufficient access) (-7)
Interestingly, it works if I enter the parameter rootpw {CRYPT}XXXX in slapd.conf; with rootpw XXXX it does not work. But since I'd like to work with Webmin, I want to run it with a plain password.
Who's the expert here???
Here are the configs:
/etc/openldap/slapd.conf
loglevel 1024
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/mozillaAbPersonAlpha.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
allow bind_v2
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
    by * read
access to dn.base="cn=Subschema"
    by * read
access to * attrs=userPassword,userPKCS12
    by self write
    by * auth
access to * attrs=shadowLastChange
    by self write
    by * read
include /etc/openldap/acl_addressbook.conf
access to *
    by * read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database hdb
directory /var/lib/ldap
suffix dc=intern,dc=local
checkpoint 1024 5
#cachesize 10000
rootdn cn=manager,dc=intern,dc=local
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw YYYY
#rootpw {CRYPT}XXXX
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index mail pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaSIDList eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
index member eq
index entryCSN eq
index entryUUID eq
index sambaGroupType eq
database monitor
Here is /etc/saslauthd.conf
ldap_servers: ldap://localhost/
ldap_version: 3
ldap_search_base: dc=intern,dc=local
#ldap_bind_dn: uid=admin,ou=users,dc=intern,dc=local
ldap_bind_dn: cn=manager,dc=intern,dc=local
ldap_bind_pw: XXXX
#ldap_filter: (uid=%u)
ldap_scope: sub
ldap_tls_check_peer: no
Here is /etc/imapd.conf
reject8bit: no
allowplaintext: yes
hashimapspool: 1
sasl_mech_list: PLAIN LOGIN
admins: admin cyrus
sasl_pwcheck_method: saslauthd
sievedir: /var/lib/sieve
configdirectory: /var/lib/imap
lmtp_overquota_perm_failure: no
timeout: 30
dracinterval: 0
sieve_maxscripts: 5
poptimeout: 10
autocreatequota_units: 1
partition-default: /var/spool/imap
sieve_maxscriptsize: 32
quotawarn: 90
sendmail: /usr/sbin/sendmail
drachost: localhost
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
Regards
Oliver
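Editor's note with an added diagnostic script; it is not part of Oliver's post and not code from the Cyrus or OpenLDAP projects. Two things in the posted configs deserve a check before chasing the error further. First, saslauthd binds as cn=manager, which is the rootdn: that account can read and write the whole directory, so whoever reads /etc/saslauthd.conf (or compromises the Cyrus host) owns the directory; the commented-out uid=admin,ou=users line points the right way, a dedicated bind account that only needs read access. Second, a simple bind always sends the cleartext password and slapd compares it against whatever rootpw stores, so a {CRYPT} or {SSHA} hash in slapd.conf is no obstacle to binding; the slapd.conf comment above rootpw says the same. The script below audits those two points offline on constructed copies of the posted lines (placeholders kept), and provides live checks that isolate slapd from saslauthd and Cyrus: ldapwhoami tells you whether slapd accepts the DN/password pair at all, ldapsearch whether that account can find the user, and testsaslauthd whether saslauthd does the same. Assumptions: the DN, base and URI are the ones from the posted configs, the bind password is supplied in the environment variable LDAP_BINDPW (a name chosen here), and the OpenLDAP client tools plus testsaslauthd are installed.

```shell
#!/bin/sh
# Added diagnostic/audit script (not from the original post). Assumes the
# posted DN, base and URI; the bind password comes from LDAP_BINDPW, an
# environment variable name chosen for this example.
set -eu

LDAP_URI="ldap://localhost/"
BIND_DN="cn=manager,dc=intern,dc=local"
BASE="dc=intern,dc=local"

# --- static checks on the config files (run offline) -----------------------

# Value of a "key value" directive in slapd.conf; skips commented-out
# lines (their first field starts with '#') and strips double quotes.
slapd_value() {            # $1 = key, $2 = path to slapd.conf
    awk -v k="$1" '$1 == k { print $2; exit }' "$2" | tr -d '"'
}

# Value of a "key: value" option in saslauthd.conf.
saslauthd_value() {        # $1 = key, $2 = path to saslauthd.conf
    awk -v k="$1:" '$1 == k { print $2; exit }' "$2"
}

# How rootpw is stored: its {SCHEME} prefix, "cleartext", or "none".
rootpw_scheme() {          # $1 = path to slapd.conf
    pw=$(slapd_value rootpw "$1")
    case "$pw" in
        '{'*'}'*) printf '%s\n' "$pw" | sed 's/}.*/}/' ;;
        '')       echo none ;;
        *)        echo cleartext ;;
    esac
}

# True (exit 0) when saslauthd binds as the directory's rootdn, i.e. the
# authentication helper holds full write access to the whole directory.
bind_is_rootdn() {         # $1 = slapd.conf, $2 = saslauthd.conf
    rootdn=$(slapd_value rootdn "$1" | tr 'A-Z' 'a-z')
    binddn=$(saslauthd_value ldap_bind_dn "$2" | tr 'A-Z' 'a-z')
    if [ -n "$rootdn" ] && [ "$rootdn" = "$binddn" ]; then
        return 0
    fi
    return 1
}

# Constructed sample files mirroring the relevant posted lines (password
# placeholders kept). Writes them to a temp dir and prints its path.
make_sample_configs() {
    d=$(mktemp -d)
    cat > "$d/slapd.conf" <<'EOF'
database hdb
suffix dc=intern,dc=local
rootdn cn=manager,dc=intern,dc=local
rootpw YYYY
#rootpw {CRYPT}XXXX
EOF
    cat > "$d/saslauthd.conf" <<'EOF'
ldap_servers: ldap://localhost/
#ldap_bind_dn: uid=admin,ou=users,dc=intern,dc=local
ldap_bind_dn: cn=manager,dc=intern,dc=local
ldap_bind_pw: XXXX
EOF
    echo "$d"
}

# --- live checks against the running services (call by hand) --------------

# 1. Does slapd accept the DN/password pair at all? ldapwhoami does a simple
#    bind and prints the DN it authenticated as; no Cyrus, no saslauthd.
check_bind() {
    ldapwhoami -x -H "$LDAP_URI" -D "$BIND_DN" -w "$LDAP_BINDPW"
}

# 2. Can that account find the login? Uses the filter the posted config
#    has commented out, (uid=%u), which is also saslauthd's default.
check_lookup() {           # $1 = login name
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -w "$LDAP_BINDPW" \
        -b "$BASE" -s sub "(uid=$1)" dn
}

# 3. Ask saslauthd the way Cyrus will (saslauthd must run with -a ldap).
#    The password is read from the terminal so it stays out of history.
check_saslauthd() {        # $1 = login name
    printf 'Password for %s: ' "$1"; stty -echo; read -r pw; stty echo; echo
    testsaslauthd -u "$1" -p "$pw" -s imap
}

# 4. Produce a hashed value for rootpw; slappasswd prompts for the secret.
new_rootpw_hash() {
    slappasswd -h '{SSHA}'
}
```

Source the script and run the checks in order: `. ./ldapcheck.sh; d=$(make_sample_configs); rootpw_scheme "$d/slapd.conf"; bind_is_rootdn "$d/slapd.conf" "$d/saslauthd.conf" && echo 'saslauthd binds as rootdn'`, then `LDAP_BINDPW=... check_bind`, `check_lookup admin` and `check_saslauthd admin`. If check_bind already fails, the problem is the rootpw/ldap_bind_pw pair in slapd itself, not Cyrus; if it passes but check_saslauthd fails, compare the DN and password saslauthd is using with what ldapwhoami accepted.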