I am looking to get SASL binds working in Dovecot for userdb lookups, and I am not sure what I might be doing wrong.
Dovecot version: 2.2.19, running on Fedora 22. MIT Kerberos and OpenLDAP are being used.
My LDAP configs:

    uris = ldap://server1.bpk2.com ldap://server2.bpk2.com
    sasl_bind = yes
    sasl_mech = gssapi
    sasl_realm = BPK2.COM
    sasl_authz_id = imap/imap.bpk2.com@BPK2.COM
    base = dc=bpk2,dc=com
The above results in the below error logs:

    Jan 01 13:56:58 mail auth[16747]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)
    Jan 01 13:56:58 mail dovecot[16722]: auth-worker(16747): Error: LDAP: binding failed (dn (none)): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)
I am assuming the keytab, /etc/dovecot/dovecot.keytab, would be used to bind to the directory, but I am not sure. The auth_krb5_keytab directive is set with the absolute path and keytab name. Is there something I am missing, such as a /etc/sasl2/dovecot.conf file?
In the directory, I am mapping the Kerberos ID to the LDAP user object as such:
uid=imap\/(.*).bpk2.com,cn=bpk2.com,cn=gssapi,cn=auth uid=mda,ou=processUsers,ou=Users,dc=bpk2,dc=com
If I change the sasl_authz_id to uid=mda,ou=processUsers,ou=Users,dc=bpk2,dc=com, and restart Dovecot, I still get the same error.
Can anyone shed light on where I am going wrong?
Thanks in advance,
brendan
participants (1): Brendan Kearney
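
Added example, not part of the original post: a shell check that separates the two pieces the post describes, namely whether the posted authz-regexp pattern matches the SASL DN for the imap principal, and whether the same GSSAPI bind works outside Dovecot once a ticket has been obtained from the keytab. The function names, the temporary credential cache and the realm-bearing DN form are assumptions; the keytab path, principal, URI and pattern are copied from the post.

```shell
#!/bin/sh
# Added example. Values marked "from the post" are copied from the message;
# function names and the temporary ccache location are assumptions.
KEYTAB=/etc/dovecot/dovecot.keytab        # from the post
PRINCIPAL=imap/imap.bpk2.com@BPK2.COM     # from the post (sasl_authz_id)
LDAP_URI=ldap://server1.bpk2.com          # from the post (first uri)
# authz-regexp match pattern exactly as posted
POSTED_RE='uid=imap\/(.*).bpk2.com,cn=bpk2.com,cn=gssapi,cn=auth'

# SASL authentication DN for a GSSAPI principal, in the form the posted
# pattern expects: uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth
# (assumption: realm component present and lowercased; confirm in slapd's log).
sasl_authc_dn() {
    name=${1%@*}
    realm=$(printf '%s' "${1##*@}" | tr 'A-Z' 'a-z')
    printf 'uid=%s,cn=%s,cn=gssapi,cn=auth\n' "$name" "$realm"
}

# True if DN $1 matches pattern $2, treated as a POSIX extended regex.
dn_matches() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# Live check (needs the KDC and the directory; run as the account that must
# read the keytab): fetch a ticket from the keytab into a private credential
# cache, then attempt the GSSAPI bind with the OpenLDAP client tools.
check_bind() {
    dir=$(mktemp -d) || return 1
    KRB5CCNAME="FILE:$dir/cc" kinit -k -t "$KEYTAB" "$PRINCIPAL" &&
        KRB5CCNAME="FILE:$dir/cc" ldapwhoami -Y GSSAPI -H "$LDAP_URI"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Offline by default: report whether the mapping covers the principal.
# Pass "live" as the first argument to also run the bind check.
dn=$(sasl_authc_dn "$PRINCIPAL")
if dn_matches "$dn" "$POSTED_RE"; then
    echo "pattern matches $dn"
else
    echo "pattern does NOT match $dn"
fi
if [ "${1:-}" = "live" ]; then
    check_bind
fi
```

If `check_bind` succeeds while Dovecot still logs "No Kerberos credentials available", the keytab and the mapping are sound and the difference lies in the credentials visible to the Dovecot auth process.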