SASL LDAP authentication failure

南笙 2021-01-11 15:46

Trying to use SASL and LDAP to authenticate users in RedHat Linux. So far I've set up the saslauthd service and it's up and

2 Answers
  • 2021-01-11 16:05

    After 5 days of struggle, I found out that the settings I used were for Active Directory, where I should be using settings for LDAP, as follows:

    ldap_servers: ldaps://test.ldap.server:1234
    ldap_search_base: Ou=PeopleAuthSrch,DC=abc,DC=com
    ldap_filter: (uid=%u)
    ldap_tls_cacert_file: /path/to/my/certificate
    

    I did install cyrus-sasl-md5 as Bertold Kolics mentioned; I'm not sure if that played a part in authenticating the user.

  • 2021-01-11 16:11

    I went through the exercise of setting up SASL with OpenLDAP and TLS on RedHat Linux 7.2, and I managed to get something similar working fine.

    As I mentioned in my previous post, make sure that you have the cyrus-sasl-md5 package installed.

    I would first try to get everything working without SSL. Only after you have your setup working without SSL, move to the SSL part.

    • You need to make sure that saslauthd accepts the CA certificate of the certificate used by the LDAP server. In particular, the ldap_tls_cacert_file option in /etc/saslauthd.conf is your friend.
    • If you have SELinux enabled, make sure that saslauthd can access the certificate files. If you are unsure, tail the /var/log/audit/audit.log file and look for entries with the "denied" keyword. I have found the audit2allow tool a great way to enable access that was previously denied. You can also just disable SELinux temporarily using the setenforce Permissive command.
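The SELinux check described in the second answer, as an added example that is not part of the original posts: it filters audit.log AVC denials down to those caused by saslauthd and flags the ones that name the file set in ldap_tls_cacert_file. The config values are the ones from the first answer; the audit lines, and the function and field names, are constructed for illustration.

```python
import os
import re

# Constructed sample input: config values from the first answer, invented audit lines.
SAMPLE_CONF = """\
ldap_servers: ldaps://test.ldap.server:1234
ldap_search_base: Ou=PeopleAuthSrch,DC=abc,DC=com
ldap_tls_cacert_file: /path/to/my/certificate
"""
SAMPLE_AUDIT = """\
type=AVC msg=audit(1610352000.101:811): avc:  denied  { read } for  pid=2301 comm="saslauthd" name="certificate" dev="dm-0" ino=393301 scontext=system_u:system_r:saslauthd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1610352003.412:815): avc:  denied  { name_connect } for  pid=2301 comm="saslauthd" dest=1234 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1610352010.007:820): avc:  denied  { read } for  pid=977 comm="httpd" name="certificate" dev="dm-0" ino=393301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1610352010.007:820): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def conf_options(text):
    """Parse 'key: value' lines of saslauthd.conf, skipping blanks and '#' lines."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def saslauthd_denials(audit_text, conf_text):
    """Return saslauthd's AVC denials, flagging those that name the CA file."""
    ca_name = os.path.basename(conf_options(conf_text).get("ldap_tls_cacert_file", ""))
    hits = []
    for line in audit_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        f = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))} if m else {}
        if f.get("comm") != "saslauthd":
            continue
        file_ref = f.get("name") or f.get("path") or ""
        hits.append({
            "perms": m.group("perms").split(),
            "target": file_ref or f.get("dest"),
            "tcontext": f.get("tcontext"), "tclass": f.get("tclass"),
            # name= holds only the last path component, so compare base names.
            "is_ca_file": bool(ca_name) and os.path.basename(file_ref) == ca_name,
        })
    return hits

if __name__ == "__main__":
    print(*saslauthd_denials(SAMPLE_AUDIT, SAMPLE_CONF), sep="\n")
```

On a live system, pass the contents of /var/log/audit/audit.log and /etc/saslauthd.conf in place of the samples.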