I am looking to get SASL binds working in Postfix for user, group and
alias lookups, and I am not sure what I might be doing wrong.
Postfix version 3.0.3 running on Fedora 22. MIT Kerberos and OpenLDAP
are being used.
My ldap-users.cf file, for example:
server_host = ldap://server1.bpk2.com ldap://server2.bpk2.com
search_base = dc=bpk2,dc=com
version = 3
bind = sasl
bind_dn = uid=mta,ou=processUsers,ou=Users,dc=bpk2,dc=com
sasl_mechs = gssapi
sasl_realm = BPK2.COM
query_filter = (mail=%s)
The above results in the error logs below:
Jan 01 14:33:50 mail postfix/trivial-rewrite[17185]: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information (No
Kerberos credentials available)
Jan 01 14:33:50 mail postfix/trivial-rewrite[17185]: warning:
dict_ldap_connect: Unable to bind to server ldap://server1.bpk2.com
ldap://server2.bpk2.com with dn
uid=mta,ou=processUsers,ou=Users,dc=bpk2,dc=com: -2 (Local error)
Jan 01 14:33:50 mail postfix/trivial-rewrite[17185]: warning:
virtual_alias_domains: ldap:/etc/postfix/ldap-aliases.cf: table lookup
problem
Jan 01 14:33:50 mail postfix/submission/smtpd[17176]: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information (No
Kerberos credentials available)
Jan 01 14:33:50 mail postfix/submission/smtpd[17176]: warning:
dict_ldap_connect: Unable to bind to server ldap://server1.bpk2.com
ldap://server2.bpk2.com with dn
uid=mta,ou=processUsers,ou=Users,dc=bpk2,dc=com: -2 (Local error)
Jan 01 14:33:50 mail postfix/submission/smtpd[17176]: warning:
ldap:/etc/postfix/ldap-aliases.cf lookup error for "bren...@bpk2.com"
I am assuming the keytab, /etc/postfix/postfix.keytab, would be used to
bind to the directory, but I am not sure. The KRB5_KTNAME environment
variable is set with the absolute path and keytab name. Is there
something I am missing? The etc/sasl2/smtpd.conf file has the keytab
directive listed, and gssapi is in the mech_list, too. I have the below
set in my main.cf:
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY
DISPLAY LANG=C KRB5_KTNAME=/etc/postfix/postfix.keytab
export_environment = TZ MAIL_CONFIG LANG KRB5_KTNAME
In the directory, I am mapping the Kerberos ID to the LDAP user object as such:
uid=smtp\/(.*).bpk2.com,cn=bpk2.com,cn=gssapi,cn=auth
uid=mta,ou=processUsers,ou=Users,dc=bpk2,dc=com
Can anyone shed light on where I am going wrong?
Thanks in advance,
Brendan
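An added diagnostic example, not part of the post and not Postfix code: it parses main.cf and an LDAP table file in Postfix's own "name = value" syntax (continuation lines start with whitespace) and reports the two configuration points a GSSAPI-bound LDAP table depends on. The sample files are constructed to mirror the post; the finding about KRB5_CLIENT_KTNAME rests on MIT Kerberos (1.11 and later) reading an initiator's keytab from that variable, while KRB5_KTNAME names the acceptor keytab used by smtpd for incoming AUTH.

```python
# Constructed main.cf fragment, modelled on the post (not the poster's file).
MAIN_CF = """\
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY
    DISPLAY LANG=C KRB5_KTNAME=/etc/postfix/postfix.keytab
export_environment = TZ MAIL_CONFIG LANG KRB5_KTNAME
"""

# Constructed LDAP table, modelled on the post's ldap-users.cf.
LDAP_CF = """\
server_host = ldap://server1.bpk2.com ldap://server2.bpk2.com
search_base = dc=bpk2,dc=com
bind = sasl
bind_dn = uid=mta,ou=processUsers,ou=Users,dc=bpk2,dc=com
sasl_mechs = gssapi
sasl_realm = BPK2.COM
"""


def parse_postfix_cf(text):
    """Parse Postfix 'name = value' syntax. A line that starts with
    whitespace continues the previous value; '#' lines are comments."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and key is not None:
            params[key] += " " + line.strip()
            continue
        key, _, value = line.partition("=")   # split at the first '=' only
        key = key.strip()
        params[key] = value.strip()
    return params


def imported_env(params):
    """Map each import_environment entry to its value (None when no '=')."""
    env = {}
    for item in params.get("import_environment", "").split():
        name, _, value = item.partition("=")
        env[name] = value or None
    return env


def check_gssapi_bind(main_cf, ldap_cf):
    """Return findings relevant to a 'No Kerberos credentials available'
    failure when a Postfix LDAP table uses bind = sasl with GSSAPI."""
    env = imported_env(parse_postfix_cf(main_cf))
    table = parse_postfix_cf(ldap_cf)
    findings = []
    if table.get("bind") != "sasl" or "gssapi" not in table.get("sasl_mechs", "").lower():
        return findings  # not a GSSAPI SASL bind; nothing to check
    if not env.get("KRB5_CLIENT_KTNAME"):
        # The LDAP client (initiator) needs its own credentials; MIT Kerberos
        # takes them from the keytab named by KRB5_CLIENT_KTNAME, not KRB5_KTNAME.
        findings.append("KRB5_CLIENT_KTNAME not in import_environment")
    if table.get("bind_dn"):
        findings.append("bind_dn set; with GSSAPI the identity is the Kerberos principal as mapped by the server's authz-regexp")
    return findings
```

The Postfix daemons run as the postfix user, so whichever keytab the variables name must also be readable by that user.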