On Mon, May 24, 2010 at 07:30:56PM +0200, Julien Vehent wrote:

> Final solution provided by the Openldap mailing list:
>
> > Just change your authz-regexp line to
> >
> > authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$"
> > "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))"
> >
> And the authentication works.
> I think it's worth a line in the sasl howto to explain that postfix will
> use the email value to authenticate the user, and therefore the authz-regex
> should take it into account...

This looks wrong. As Patrick points out, you are likely confusing
authentication realms (u...@realm principals) with email addresses. DON'T.
Rather configure Postfix with an empty or other correct setting of the
realm that will work correctly without matching u...@mail against email
addresses.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
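
Added example, not part of the thread: a Python emulation of the quoted authz-regexp rule, showing which identity each SASL authentication DN form yields and which branch of the (|(uid=$1)(mail=$1)) filter it can match. The directory entries and sample DNs are constructed; it assumes slapd's documented DN forms uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth (realm optional) and that a mapping search must return exactly one entry.

```python
import re

# Pattern and search URL copied from the quoted authz-regexp line.
PATTERN = re.compile(r"^uid=([^,]+).*,cn=[^,]*,cn=auth$")
SEARCH_URL = "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))"

# Constructed directory entries (not from the thread).
DIRECTORY = [
    {"dn": "uid=julien,ou=people,dc=linuxwall,dc=info",
     "uid": "julien", "mail": "julien@linuxwall.info"},
    {"dn": "uid=alice,ou=people,dc=linuxwall,dc=info",
     "uid": "alice", "mail": "alice@linuxwall.info"},
]


def rewrite(authn_dn):
    """Return (captured identity, search URL), or None if the rule does not match."""
    m = PATTERN.match(authn_dn)
    if m is None:
        return None
    ident = m.group(1)
    return ident, SEARCH_URL.replace("$1", ident)


def resolve(authn_dn):
    """Emulate the uid-or-mail search; a mapping needs exactly one matching entry."""
    rewritten = rewrite(authn_dn)
    if rewritten is None:
        return None
    ident = rewritten[0]
    hits = [e["dn"] for e in DIRECTORY if ident in (e["uid"], e["mail"])]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    samples = [
        # Bare username with the realm as its own component: uid branch matches.
        "uid=julien,cn=linuxwall.info,cn=plain,cn=auth",
        # Full address as the username, no realm component: only mail matches.
        "uid=julien@linuxwall.info,cn=plain,cn=auth",
        # Address with a different domain: no entry, mapping fails.
        "uid=julien@example.org,cn=plain,cn=auth",
    ]
    for dn in samples:
        print(dn, "->", rewrite(dn)[0], "->", resolve(dn))
```
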