On Thu, 20 May 2010 06:52:17 +0200, Patrick Ben Koetter <p...@state-of-mind.de> wrote:
>
> Different to Cyrus IMAP, Postfix does not pass config vars to libsasl during
> startup from its own config file, but lets libsasl read the configuration from
> an external file i.e. smtpd.conf. As a result of that you don't need (read:
> must not) prepend parameters with e.g. "sasl_".
>
> This configuration in smtpd.conf is syntactically correct:
>
> pwcheck_method: auxprop
> auxprop_plugin: ldapdb
> mech_list: DIGEST-MD5 PLAIN LOGIN
> ldapdb_uri: ldap://localhost
> ldapdb_id: postfix
> ldapdb_pw: f4oi6u87j687qzer613bv867zq43o
> ldapdb_mech: DIGEST-MD5
>
> p...@rick
>

OK. That's useful information. I can confirm that '/etc/postfix/sasl/smtpd.conf' is read and used by the sasl library, because when I change the ldapdb_uri to something like 'ldapdb_uri: ldap://localhost:1024', postfix still tries to authenticate but slapd doesn't receive any connection.

I tried again with user cyrus instead of postfix, but I still have this in '/var/log/auth.log':

----
May 20 11:45:48 samchiel postfix/smtpd[30561]: No worthy mechs found
----

I attached the logs of cyrus-imap user login, just to prove that it's working in this configuration.

So, from my limited knowledge, it's narrowed down to this: why can't smtpd find any worthy mechanism when trying to authenticate to LDAP using the SASL library?

Thanks for your help,
Julien

# nc localhost 143
* OK samchiel Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
. login julien xxxXXXXxxxxXXXX
. OK User logged in
. logout
* BYE LOGOUT received
. OK Completed

# tail /var/log/mail.info
May 20 11:38:10 samchiel cyrus/imap[30478]: login: localhost [127.0.0.1] julien plaintext User logged in

# tail /var/log/auth.log
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 3

# grep "11:38:10" /var/log/slapd.log |grep conn
May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 ACCEPT from IP=127.0.0.1:50793 (IP=127.0.0.1:389)
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND authcid="cyrus" authzid="cyrus"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="cn=cyrus administrator,ou=infrastructure,dc=linuxwall,dc=info" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 RESULT tag=97 err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 EXT oid=1.3.6.1.4.1.4203.1.11.3
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 WHOAMI
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 RESULT oid= err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH base="cn=julien vehent,ou=people,dc=linuxwall,dc=info" scope=0 deref=0 filter="(objectClass=*)"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH attr=userPassword cmusaslsecretPLAIN
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=4 UNBIND
May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 closed
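
Added example (not part of the original thread, nor code from Postfix, Cyrus or OpenLDAP): a Python summarizer for slapd connection logs in the format of the attachment above. It reports, per connection, the SASL bind DN, mechanism, proxy-authorized user and attributes read, so a working Cyrus IMAP login can be compared with whatever a Postfix attempt leaves in slapd.log. The function names and the sample log lines are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample: slapd lines in the format of the log attached above
# (host name, conn number and DNs are made up for this example).
SAMPLE = """\
May 20 11:38:10 host slapd[1431]: conn=7 fd=17 ACCEPT from IP=127.0.0.1:50793 (IP=127.0.0.1:389)
May 20 11:38:10 host slapd[1431]: conn=7 op=0 BIND dn="" method=163
May 20 11:38:10 host slapd[1431]: conn=7 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
May 20 11:38:10 host slapd[1431]: conn=7 op=1 BIND authcid="proxy" authzid="proxy"
May 20 11:38:10 host slapd[1431]: conn=7 op=1 BIND dn="cn=proxy,dc=example,dc=org" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
May 20 11:38:10 host slapd[1431]: conn=7 op=1 RESULT tag=97 err=0 text=
May 20 11:38:10 host slapd[1431]: conn=7 op=3 PROXYAUTHZ dn="cn=alice,ou=people,dc=example,dc=org"
May 20 11:38:10 host slapd[1431]: conn=7 op=3 SRCH attr=userPassword cmusaslsecretPLAIN
May 20 11:38:10 host slapd[1431]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 11:38:10 host slapd[1431]: conn=7 fd=17 closed
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+) )?(.*)")

def summarize(log_text):
    """Group slapd lines by connection and extract the SASL bind / proxy-auth chain."""
    conns = defaultdict(lambda: {"client": None, "bind_dn": None, "mech": None,
                                 "ssf": None, "bind_ok": False,
                                 "proxy_dns": set(), "attrs": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a slapd connection line (e.g. a postfix/smtpd line)
        c, rest = conns[int(m.group(1))], m.group(3)
        if (a := re.search(r"ACCEPT from IP=(\S+)", rest)):
            c["client"] = a.group(1)
        elif (b := re.match(r'BIND dn="([^"]+)" mech=(\S+) .*\bssf=(\d+)', rest)):
            c["bind_dn"], c["mech"], c["ssf"] = b.group(1), b.group(2), int(b.group(3))
        elif rest.startswith("RESULT tag=97 err=0 "):
            c["bind_ok"] = True  # tag=97 is a bind response; err=14 is "SASL bind in progress"
        elif (p := re.match(r'PROXYAUTHZ dn="([^"]+)"', rest)):
            c["proxy_dns"].add(p.group(1))
        elif rest.startswith("SRCH attr="):
            c["attrs"].update(rest[len("SRCH attr="):].split())
    return dict(conns)

def reads_secrets(conn):
    """True when a successfully bound connection fetched password attributes."""
    return conn["bind_ok"] and any(a.lower().startswith(("userpassword", "cmusaslsecret"))
                                   for a in conn["attrs"])
```

An empty result for the time window of a Postfix attempt matches the observation in the message above that slapd receives no connection at all.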