SASL-LDAP problems, i need a guru

[X11]

I have been having a problem with a SASL/LDAP configuration for Dovecot. The place I am working at uses SASL. There are over 50 accounts on this network which somehow exist from the "Windows XP Account Manager for Domains" which is some Microsoft Tool which cannot see the groups according to Samba anymore - another bug which I need to fix.

Basically everything appears to be using SASL to authenticate and nothing has been migrated to SASL2. However SASL's tools are really informative like this...

Code: Select all

[root@pusa3 ~]# sasl2passwd
-bash: sasl2passwd: command not found
[root@pusa3 ~]# sasldblistusers
user: john.tate realm: pusa3.yunyangtemple.org.au mech: PLAIN
user: john.tate realm: pusa3.yunyangtemple.org.au mech: CRAM-MD5
user: john.tate realm: pusa3.yunyangtemple.org.au mech: DIGEST-MD5
[root@pusa3 ~]# sasldblistusers2
listusers failed

SASL and LDAP are really new to me however the SGI SASL implementation appears to be being used. I cannot change this on a whim until a meeting is arranged, etc, where I have a chance to mention all of this.

If anyone knows more about this so I can dig into it archimedies style and work out where the authentication issues lie (experienced by Dovecot, which kindly tells me it uses the getpwnam(3) interface or "something similar").

There are no users in /etc/passwd, they exist in the ldap database however the authentication is done some other way and I do not understand it. I assume and point all blame at SASL because its all I am aware of that I don't know about.

Some tips on digging into this problem archimedes style would be helpful.

John.

[X11]

Nevermind I'm a moron who used BSD way too f**g long and just realised everything is done through PAM on Fedora.

Edit: don't ever do drugs. Very bad for you.

[Void Main]

Well now, PAM I can help you with. :) I've been up to my ears in PAM + Radius + TACACS + RSA SecurID + AD the last couple of months on Linux, AIX and Solaris.