Re: Postfix, SASL and LDAPDB

Tue, 18 May 2010 10:55:21 -0700 

On Tue, May 18, 2010 at 07:47:12PM +0200, Julien Vehent wrote:

> > Is the LDAP library linked into Postfix compiled with Cyrus SASL support?
> > The "ldapdb" auxprop plugin needs an LDAP library that can do SASL binds.
> > If your LDAP library is not SASL (rather than simple bind) enabled, this
> > may not work.
> 
> I believe it is, since I see connexion to the LDAP server. ldd confirms it
> too:
> 
> ----
> # ldd /usr/sbin/postfix
>         linux-gate.so.1 =>  (0xb7788000)
>         libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1
> (0xb774b000)
>         libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0xb771e000)
>         libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb76d3000)
>         libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8
> (0xb757b000)
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7564000)
>         libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb740c000)
>         libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb73f5000)
>         libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb73df000)
>         libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7298000)
>         libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7294000)
>         libz.so.1 => /usr/lib/libz.so.1 (0xb7280000)
>         libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb7267000)
>         /lib/ld-linux.so.2 (0xb7789000)

1.      Your Postfix is not directly linked with LDAP at all, it looks like
        you are on a Debian system, and the LDAP table driver is dynamically
        loaded. So we don't know whether the LDAP library you are using has
        SASL support or not.

2.      Mere TCP connection to the LDAP server does not prove support for
        LDAP SASL bind in the LDAP client.

You need to determine whether your LDAP library supports SASL. Running
"ldd" on Postfix binaries won't tell you that, you need to run "ldd"
on the LDAP library used by the dynamically laoded Postfix LDAP table driver
and also, on the SASL LDAP plugin.

> > Take a look at the "Notes LDAPDB auxprop options" section of:
> > 
> >     http://www.sendmail.org/~ca/email/cyrus2/options.html
> > 
> > for additional LDAP server-side requirements.
> 
> The same directory is queried by cyrus-imapd using LDAPDB as well, and it
> works fine. So I assume the configuration/mistake is postfix specific and
> not in the LDAP conf.

What is in the IMAP server SASL configuration file?

-- 
        Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.

Reply via email to