LDAP configuration for mongo throws permission denied

I'm fairly new to MongoDB and LDAP. I'm trying to use LDAP to authenticate users to mongo. These are the steps I have done so far.

  1. Created a saslauthd.conf file inside the /etc folder which contains the following lines:

ldap_servers: ldap://com.myldap.server
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
ldap_auth_method: fastbind

  2. Created a mux dir inside /var/run/saslauthd, which now looks like /var/run/saslauthd/mux.
  3. Set the permission to 755 using sudo chmod 755 /var/run/saslauthd.
  4. Modified /etc/sysconfig/saslauthd to have the following:

MECH=ldap

  5. Uncommented the line in the same file which says:

DAEMONOPTS=--user saslauth

Now when I try to test the authentication mechanism using the following command:

testsaslauthd -u username -p password -f /var/run/saslauthd/mux

I'm getting the following message:

connect(): Permission Denied

My work is based on this and this. Could anyone point out what I'm missing here? Thanks in advance.

UPDATE:

I tried the test command with sudo like below:

sudo testsaslauthd -u username -p password -f /var/run/saslauthd/mux

And I'm getting the following:

connect() : Connection refused

Gurkha asked Oct 31 '22 05:10


1 Answer

Thanks for your question. I've enjoyed setting up my environment to try to reproduce the error. You'll be glad to hear that I don't think it's a difficult problem to overcome. However, I've probably spent more time than I desired setting up MongoDB, cyrus-sasl-md5, setting permissions, etc. when none of it is actually related to your problem, at least at first glance.

Your problem (and I'm 90% sure) is either your saslauthd daemon is not running or it's not properly configured. Let's take a look at the following:

Check the service status. The output of service saslauthd status should be similar to mine, pasted below. Note some key values such as the location of the init script, /etc/init.d/saslauthd/ in my case; and the socket, /var/run/saslauthd/mux, the same file location you need to put in testsaslauthd [...] -f /var/run/saslauthd/mux command.

root@hectorvp-pc:~# service saslauthd status
● saslauthd.service - LSB: saslauthd startup script
   Loaded: loaded (/etc/init.d/saslauthd)
   Active: active (running) since Tue 2016-04-26 12:04:59 BST; 1s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 11569 ExecStop=/etc/init.d/saslauthd stop (code=exited, status=0/SUCCESS)
  Process: 11586 ExecStart=/etc/init.d/saslauthd start (code=exited, status=0/SUCCESS)
   Memory: 2.0M
   CGroup: /system.slice/saslauthd.service
           ├─11606 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5
           ├─11607 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5
           ├─11608 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5
           ├─11609 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5
           └─11610 /usr/sbin/saslauthd -a ldap -c -m /var/run/saslauthd -n 5

Apr 26 12:04:59 hectorvp-pc systemd[1]: Starting LSB: saslauthd startup script...
Apr 26 12:04:59 hectorvp-pc saslauthd[11586]: * Starting SASL Authentication Daemon saslauthd
Apr 26 12:04:59 hectorvp-pc saslauthd[11606]: detach_tty      : master pid is: 11606
Apr 26 12:04:59 hectorvp-pc saslauthd[11606]: ipc_init        : listening on socket: /var/run/saslauthd/mux
Apr 26 12:04:59 hectorvp-pc systemd[1]: Started LSB: saslauthd startup script.
Apr 26 12:04:59 hectorvp-pc saslauthd[11586]: ...done.

If the service is not running, just start it with service saslauthd start and check the status again (service saslauthd status) to check any possible upstream error.

It's also likely your LDAP server is not running or is misconfigured. You can take a look at the service status as above (service slapd status).

Please, try this and tell us about the outcome.

EDIT (26/04/2016): From the conversation in the comments on this answer, I've extracted some more steps. Please excuse the extensive conversation below the answer; it's summarized here:

Debug the saslauthd service: As indicated here, this service uses the system logs. In my case (Ubuntu) those logs are in /var/log/syslog but they might be in /var/log/messages in your case, at least by default. Look at these logs at the time you try to start the service and see if there is any error message that might give you some further insight into what the problem is.

The error appearing in /var/log/messages was: could not bind to socket : /var/run/saslauthd/mux , bind: address already in use.

We checked the mux socket using the file command: file /var/run/saslauthd/mux, and the output said it was a directory. It should be a socket. Then we removed it and restarted the service. Now the service works.

Héctor Valverde Pareja answered Nov 04 '22 10:11
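The diagnosis in the answer above (a hand-made directory sitting where saslauthd's mux socket should be, plus a connect() that fails before the socket is reached) can be scripted so the three symptoms are told apart before running testsaslauthd. The script below is an added example, not code from the question or the answer; it assumes the default socket path /var/run/saslauthd/mux and accepts another path as its first argument. It checks the socket directory's search permission first (connect() on a UNIX socket needs x permission on every directory in the path, which is what produces "Permission Denied" for an unprivileged user), then classifies what sits at the mux path, and only then tells you to run testsaslauthd.

```shell
#!/bin/sh
# Added example: diagnose why testsaslauthd cannot reach the saslauthd mux socket.
# Not part of the original question or answer. Assumes the default socket path
# /var/run/saslauthd/mux; pass another path as the first argument to override.

# classify_mux PATH
# Prints what currently sits at PATH: socket, directory, other, or missing.
classify_mux() {
    p="$1"
    if [ -S "$p" ]; then
        echo socket
    elif [ -d "$p" ]; then
        echo directory
    elif [ -e "$p" ]; then
        echo other
    else
        echo missing
    fi
}

# check_saslauthd [MUX_PATH]
# Prints a diagnosis and returns 0 only when MUX_PATH is a socket.
# Return codes: 1 = directory in place of the socket, 2 = socket missing,
# 3 = some other object at the path, 4 = socket directory not traversable.
check_saslauthd() {
    mux="${1:-/var/run/saslauthd/mux}"
    dir=$(dirname "$mux")

    # connect() on a UNIX socket needs search (x) permission on every directory
    # in the path; without it the kernel returns EACCES, which testsaslauthd
    # reports as "connect(): Permission Denied". Test this first, because
    # without x on the directory every file test below reports "missing"
    # even when the socket is really there.
    if [ -d "$dir" ] && [ ! -x "$dir" ]; then
        echo "permission denied expected: $(id -un) cannot traverse $dir" \
             "(run as a user allowed to enter it, or fix its mode/group)"
        return 4
    fi

    case "$(classify_mux "$mux")" in
        socket)
            echo "ok: $mux is a socket; run: testsaslauthd -u USER -p PASS -f $mux"
            return 0 ;;
        directory)
            # A directory created by hand at the socket path stops saslauthd
            # from binding there (syslog: "bind: address already in use"), and a
            # client connect() to a non-socket path gets "Connection refused".
            echo "broken: $mux is a directory, not a socket;" \
                 "rmdir $mux and restart saslauthd"
            return 1 ;;
        missing)
            echo "not running: $mux does not exist;" \
                 "start saslauthd, then check 'service saslauthd status' and syslog"
            return 2 ;;
        *)
            echo "unexpected: $mux exists but is neither a socket nor a directory"
            return 3 ;;
    esac
}

# Run the check when invoked directly with a path,
# e.g. sh check_mux.sh /var/run/saslauthd/mux
if [ "$#" -gt 0 ]; then
    check_saslauthd "$1"
fi
```

Run it as the same user that will run testsaslauthd: a 755 mode on /var/run/saslauthd alone is not what matters, since the socket itself must also be writable by that user and the daemon must have been able to create it, which is exactly what the hand-made mux directory prevented in the question.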