[SOLVED] ldap error messages

[billmckinstry]

Hi Forum, What do these error messages mean and how can I fix the problem or what to look for in search to find info.

Mar 29 14:49:36 mailserver saslauthd[3359]: Retrying authentication
Mar 29 14:49:36 mailserver saslauthd[3360]: Retrying authentication
Mar 29 14:49:36 mailserver saslauthd[3344]: Retrying authentication
Mar 29 14:49:37 mailserver saslauthd[3357]: Retrying authentication
Mar 29 14:49:58 mailserver saslauthd[3358]: Retrying authentication
Mar 29 14:51:29 mailserver horde[19301]: [imp] 192.168.1.31 Message sent to "Miv
ana, Imelda" <mivanai@anz.com>, henao.morea from bill [on line 1080 of "/usr/sha
re/horde/imp/compose.php"]
Mar 29 14:54:12 mailserver saslauthd[3360]: user ldap_search_st() failed: Can't
contact LDAP server
Mar 29 14:54:12 mailserver saslauthd[3360]: Retrying authentication
Mar 29 14:54:12 mailserver saslauthd[3344]: Retrying authentication
Mar 29 14:54:15 mailserver saslauthd[3357]: Retrying authentication
Mar 29 14:54:36 mailserver saslauthd[3358]: Retrying authentication
Mar 29 14:54:36 mailserver saslauthd[3359]: Retrying authentication
Mar 29 14:55:19 mailserver horde[25737]: [horde] User margaret [192.168.1.87] lo
gged out of Horde [on line 59 of "/usr/share/horde/login.php"]
Mar 29 14:57:04 mailserver saslauthd[3360]: Retrying authentication
Mar 29 14:57:04 mailserver saslauthd[3357]: Retrying authentication
Mar 29 14:57:07 mailserver saslauthd[3344]: Retrying authentication
Mar 29 14:57:17 mailserver saslauthd[3358]: user ldap_search_st() failed: Can't
contact LDAP server
Mar 29 14:57:17 mailserver saslauthd[3358]: Retrying authentication
Mar 29 14:57:18 mailserver saslauthd[3359]: Retrying authentication
Mar 29 14:59:18 mailserver saslauthd[3358]: Retrying authentication
Mar 29 14:59:18 mailserver saslauthd[3344]: Retrying authentication
Mar 29 14:59:36 mailserver saslauthd[3357]: Retrying authentication
Mar 29 14:59:36 mailserver saslauthd[3360]: Retrying authentication
Mar 29 14:59:36 mailserver saslauthd[3359]: Retrying authentication
Mar 29 15:04:20 mailserver saslauthd[3359]: user ldap_search_st() failed: Can't
contact LDAP server
Mar 29 15:04:20 mailserver saslauthd[3359]: Retrying authentication
Mar 29 15:04:20 mailserver saslauthd[3358]: Retrying authentication
Mar 29 15:04:25 mailserver saslauthd[3344]: Retrying authentication
Mar 29 15:04:25 mailserver saslauthd[3360]: user ldap_search_st() failed: Can't
contact LDAP server
Mar 29 15:04:25 mailserver saslauthd[3360]: Retrying authentication
Mar 29 15:04:27 mailserver saslauthd[3357]: Retrying authentication
Mar 29 15:05:27 mailserver horde[27492]: [imp] 192.168.1.31 Message sent to ekem
a@westpac.com.au, henao.morea from bill [on line 1080 of "/usr/share/horde/imp/c
ompose.php"]
Mar 29 15:07:38 mailserver saslauthd[3357]: Retrying authentication
Mar 29 15:07:38 mailserver saslauthd[3359]: Retrying authentication
Mar 29 15:07:54 mailserver sshd(pam_unix)[17018]: session opened for user root b
y (uid=0)

Appreciate any assistance and regards, Bill

[guus.leeuw.jr]

These messages mean that saslauthd is not setup properly.
How to fix? "man saslauthd" for a start, maybe some googling, or send you configs here so we can look them over.

[billmckinstry]

I have checked man and see reference:
FILES
/var/run/saslauthd/mux The default communications socket.

/usr/local/etc/saslauthd.conf
The default configuration file for ldap support.

Checking system and /mux is there but /usr/local/etc/ is empty.

According to "find / -name saslauthd"

[root@mailserver /]# find / -name saslauthd
/var/lock/subsys/saslauthd
/var/run/saslauthd
/etc/rc.d/init.d/saslauthd
/etc/sysconfig/saslauthd
/usr/sbin/saslauthd
find: /proc/16426/task: No such file or directory
[root@mailserver /]#

Where would I find the config files?

[billmckinstry]

Here is /etc/mailer.conf

[root@mailserver etc]# more mailer.conf
host=localhost
port=25
ssl=
username=
password=
[root@mailserver etc]#

Any problems here?

[billmckinstry]

Here is /etc/kolab/bolab.conf which creates another conf file

[root@mailserver kolab]# more kolab.conf
fqdnhostname : mailserver.clubgroup.com.pg
is_master : true
base_dn : dc=clubgroup,dc=com,dc=pg
bind_dn : cn=manager,cn=internal,dc=clubgroup,dc=com,dc=pg
bind_pw : wlI8x7W5wOD7hHE6
bind_pw_hash : {SSHA}t4ztHNrSnDNmXLeqhNB29PXJVMbyBCFE
ldap_uri : ldap://127.0.0.1:389
ldap_master_uri : ldap://127.0.0.1:389
php_dn : cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=pg
php_pw : 4CBlvTZDtaKGDOlLlyxPwknmpFiDyvwXqmZsRTMg
calendar_dn : cn=calendar,cn=internal,dc=clubgroup,dc=com,dc=pg
calendar_pw : eAQVeTj2EF0YFWB9auBfnj0WlHok1XVRW9Vxjmy4
[root@mailserver kolab]# [root@mailserver kolab]# more kolab.conf
fqdnhostname : mailserver.clubgroup.com.pg
is_master : true
base_dn : dc=clubgroup,dc=com,dc=pg
bind_dn : cn=manager,cn=internal,dc=clubgroup,dc=com,dc=pg
bind_pw : wlI8x7W5wOD7hHE6
bind_pw_hash : {SSHA}t4ztHNrSnDNmXLeqhNB29PXJVMbyBCFE
ldap_uri : ldap://127.0.0.1:389
ldap_master_uri : ldap://127.0.0.1:389
php_dn : cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=pg
php_pw : 4CBlvTZDtaKGDOlLlyxPwknmpFiDyvwXqmZsRTMg
calendar_dn : cn=calendar,cn=internal,dc=clubgroup,dc=com,dc=pg
calendar_pw : eAQVeTj2EF0YFWB9auBfnj0WlHok1XVRW9Vxjmy4
[root@mailserver kolab]#

[billmckinstry]

and /etc/ldap.conf

[root@mailserver etc]# more ldap.conf
# This file is automatically updated -- please do not edit.
host 127.0.0.1
base dc=clubgroup,dc=com,dc=pg
[root@mailserver etc]#

[billmckinstry]

Here is /etc/rc.d/init.d/saslauthd

[root@mailserver init.d]# more saslauthd
#! /bin/bash
#
# saslauthd Start/Stop the SASL authentication daemon.
#
# chkconfig: - 95 05
# description: saslauthd is a server process which handles plaintext \
# authentication requests on behalf of the cyrus-sasl library.
# processname: saslauthd

# Source function library.
. /etc/init.d/functions

# Source our configuration file for these variables.
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ] ; then
. /etc/sysconfig/saslauthd
fi

RETVAL=0

# Set up some common variables before we launch into what might be
# considered boilerplate by now.
prog=saslauthd
path=/usr/sbin/saslauthd

# Ugh. Switch to a specific copy of saslauthd if there's one with $MECH
# in its name, in case it wasn't included in the base cyrus-sasl package
# because it would have dragged in too many undesirable dependencies.
if test -x ${path}.${MECH} ; then
path=/usr/sbin/saslauthd.$MECH
fi

start() {
echo -n $"Starting $prog: "
daemon $path -m $SOCKETDIR -a $MECH $FLAGS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
return $RETVAL
}

stop() {
echo -n $"Stopping $prog: "
killproc $path
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
return $RETVAL
}

restart() {
stop
start
}

case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
status)
status $path
;;
condrestart)
[ -f /var/lock/subsys/$prog ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac

exit $?
[root@mailserver init.d]#

[guus.leeuw.jr]

Bill,

sofar so good. I'd need to see
1) /etc/openldap/slapd.conf
2) whether slapd is started (on system start-up)
3) /etc/sysconfig/saslauthd

Thanks,
Guus

[billmckinstry]

Guus, Here is slapd.conf.

[root@mailserver openldap]# more slapd.conf
# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003-2005 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this packages for details.


# this file is automatically written by the Kolab config backend and should have
the
# file mode 0640

# manual additions are lost unless made to the template in the Kolab config dire
ctory
# the template is /etc/kolab/templates/slapd.conf.template

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2739.schema
include /etc/openldap/schema/kolab2.schema
include /etc/openldap/schema/horde.schema
include /etc/openldap/schema/pcn.schema

pidfile /var/run/slapd.pid
replica-pidfile /var/run/slurpd.pid
argsfile /var/run/slapd.args
replogfile /var/lib/ldap/replog
replicationinterval 5

schemacheck on

TLSCertificateFile /etc/openldap/cacerts/cert.pem
TLSCertificateKeyFile /etc/openldap/cacerts/key.pem

rootDSE /etc/openldap/rootDSE.ldif

defaultsearchbase "dc=clubgroup,dc=com,dc=pg"

#require none
allow bind_v2

loglevel 0

database monitor

database bdb
suffix "dc=clubgroup,dc=com,dc=pg"
cachesize 2000
checkpoint 512 10
idlcachesize 10000
idletimeout 80 # The value can be increased if some clients develop problems.
# Please report to kolab-devel@kolab.org if you encounter such a client.

directory /var/lib/ldap

rootdn "cn=manager,cn=internal,dc=clubgroup,dc=com,dc =pg"
rootpw "{SSHA}t4ztHNrSnDNmXLeqhNB29PXJVMbyBCFE"

replica uri=ldap://127.0.0.1:9999
binddn="cn=replicator"
bindmethod=simple
credentials=secret

index objectClass pres,eq
index uid approx,sub,pres,eq
index mail approx,sub,pres,eq
index alias approx,sub,pres,eq
index cn approx,sub,pres,eq
index sn approx,sub,pres,eq
index givenName approx,sub,pres,eq
index kolabHomeServer pres,eq
index member pres,eq

include /etc/openldap/slapd.access

access to dn="dc=clubgroup,dc=com,dc=pg" attrs=children
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,dc=clubgroup,dc=com,dc=pg" write

access to dn="cn=internal,dc=clubgroup,dc=com,dc=pg" attrs=children
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,dc=clubgroup,dc=com,dc=pg" write

access to dn.subtree="cn=Monitor"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by * none stop

access to attr=userPassword
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" =wx
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" =wx
by self =wx
by anonymous =x
by * none stop

access to attr=mail
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by * read stop

access to attr=alias
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by * read stop

access to attr=uid
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by * read stop

access to attr=cyrus-userquota
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by self read stop

access to attr=kolabHomeServer
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by * read stop

access to attr=kolabHomeMTA
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by * read stop

access to dn="cn=nobody,dc=clubgroup,dc=com,dc=pg"
by anonymous auth stop

access to dn="cn=manager,cn=internal,dc=clubgroup,dc=com,dc= pg"
by dn="cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=p g" read
by self write
by anonymous auth stop

access to dn="cn=admin,cn=internal,dc=clubgroup,dc=com,dc=pg "
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by dn="cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=p g" read
by self write
by anonymous auth stop

access to dn="cn=maintainer,cn=internal,dc=clubgroup,dc=com, dc=pg"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" read
by dn="cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=p g" read
by self write
by anonymous auth stop

access to dn.regex="(.*,)?cn=internal,dc=clubgroup,dc=com,dc =pg"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by self write
by dn="cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=p g" read
by anonymous auth stop

access to dn.regex="(.*,)?cn=external,dc=clubgroup,dc=com,dc =pg"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by * read stop

access to dn="cn=external,dc=clubgroup,dc=com,dc=pg"
by dn="cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=p g" read
by * search stop

access to dn="cn=internal,dc=clubgroup,dc=com,dc=pg"
by dn="cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=p g" read
by * search stop

access to dn="k=kolab,dc=clubgroup,dc=com,dc=pg"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" read
by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,dc=clubgroup,dc=com,dc=pg" read
by dn="cn=nobody,cn=internal,dc=clubgroup,dc=com,dc=p g" read
by * none stop

access to *
by self write
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=clubgro up,dc=com,dc=pg" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=cl ubgroup,dc=com,dc=pg" write
by * read stop

include /etc/openldap/slapd.replicas
[root@mailserver openldap]#

[billmckinstry]

Here is /etc/sysconfig/saslauthd

[root@mailserver sysconfig]# more saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=ldap

# Additional flags to pass to saslauthd on the command line. See saslauthd(
# for the list of accepted flags.
FLAGS=
[root@mailserver sysconfig]#