On Thu, 20 May 2010 18:46:34 +0200, Julien Vehent <jul...@linuxwall.info>
wrote:
> Like most of the time, I discover that I've been too hasty to answer!
> 
> Postfix IS chrooted on Debian by default. At least, smtpd is. And by
> removing the chroot in master.conf, I can now see that DIGEST-MD5 is
> negotiated with Slapd. (it still doesn't work though...)
> 
> -----
> May 20 18:32:13 samchiel postfix/smtpd[1342]: DIGEST-MD5 client step 2
> May 20 18:32:13 samchiel postfix/smtpd[1342]: DIGEST-MD5 client step 2
> May 20 18:32:13 samchiel postfix/smtpd[1342]: DIGEST-MD5 client step 3
> -----
> 
> Now, all I need to do is to figure out how to work with both the chroot
> and the sasl library on Debian... any hint is welcome.
> 
> 
> Sorry guys, and thanks for the help.

Well, apparently, I'm not done with this yet...

I copied the content of /usr/lib/sasl2 into /var/run/postfix/usr/lib/sasl2
and I can now authenticate in DIGEST-MD5 with user postfix on the ldap
directory.

The logs of slapd (and the network dump) are confirming this, postfix
negotiates the DIGEST-MD5 and is authenticated.

However, the authentication of my user still doesn't work. Postfix is
telling me:

----
May 21 12:56:44 samchiel postfix/smtpd[11862]: warning: SASL
authentication failure: Password verification failed
May 21 12:56:44 samchiel postfix/smtpd[11862]: warning:
localhost[127.0.0.1]: SASL plain authentication failed: authentication
failure
May 21 12:56:44 samchiel postfix/smtpd[11862]: > localhost[127.0.0.1]: 535
5.7.8 Error: authentication failed: authentication failure
----

And Slapd has this weird message:

----
May 21 12:56:44 samchiel slapd[1431]: conn=79 op=2 RESULT tag=120 err=123
text=not authorized to assume identity
----

While the proxy authorization is properly configured in the directory:

----
# ldapwhoami -Y DIGEST-MD5 -U postfix -H ldap://localhost -R
linuxwall.info -X u:julien

SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:julien
SASL SSF: 128
SASL data security layer installed.
dn:cn=julien vehent,ou=people,dc=linuxwall,dc=info
----

Note: I also tried to un-chroot all processes, just in case, but the
result is the same.


I re-read the SASL howto and I'm quite convinced that my configuration is
fine (but once again, you're never 100% sure).

Any idea?


Julien
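
Added example, not part of the original message: a small log correlator that pairs each Postfix "SASL ... authentication failed" line with non-zero slapd RESULT codes logged within a couple of seconds, and names the LDAP result code (123 is authorizationDenied, RFC 4370). The function names, the 2-second window and the year (syslog omits it; 2010 is taken from the message date) are assumptions; the sample lines are the ones quoted above with the mail wrapping joined.

```python
import re
from datetime import datetime

# LDAP result codes relevant to SASL proxy authorization (RFC 4511, RFC 4370).
LDAP_CODES = {49: "invalidCredentials", 50: "insufficientAccessRights",
              123: "authorizationDenied"}

SYSLOG = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ([\w/]+)\[\d+\]: (.*)$")
SLAPD_RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)")

# Log lines from the message above, with the mail client's line wraps joined.
SAMPLE = """\
May 21 12:56:44 samchiel postfix/smtpd[11862]: warning: SASL authentication failure: Password verification failed
May 21 12:56:44 samchiel postfix/smtpd[11862]: warning: localhost[127.0.0.1]: SASL plain authentication failed: authentication failure
May 21 12:56:44 samchiel slapd[1431]: conn=79 op=2 RESULT tag=120 err=123 text=not authorized to assume identity
"""

def parse(text, year=2010):
    """Yield (timestamp, program, message) per syslog line; year is assumed."""
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def correlate(text, window=2):
    """Pair Postfix SASL failures with slapd errors within `window` seconds."""
    events = list(parse(text))
    ldap_errors = []
    for ts, prog, msg in events:
        m = SLAPD_RESULT.search(msg) if prog == "slapd" else None
        if m and int(m.group(4)) != 0:
            code = int(m.group(4))
            ldap_errors.append((ts, int(m.group(1)), code,
                                LDAP_CODES.get(code, "other"), m.group(5)))
    findings = []
    for ts, prog, msg in events:
        if prog == "postfix/smtpd" and "authentication failed" in msg:
            near = [e[1:] for e in ldap_errors
                    if abs((e[0] - ts).total_seconds()) <= window]
            findings.append((msg, near))
    return findings

if __name__ == "__main__":
    for msg, near in correlate(SAMPLE):
        print(msg)
        for conn, code, name, text in near:
            print(f"  slapd conn={conn} err={code} ({name}): {text}")
```
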
