On Mon, Apr 27, 2020 at 12:25:06AM +0000, Bandaru, Vamsi wrote:
> > LDAP auxprop plugin. Did you install it?
>
> Yes , these are the installed packages on my side for Cyrus-Sasl
>
> cyrus-sasl-2.1.26-23.el7.x86_64
> cyrus-sasl-devel-2.1.26-23.el7.x86_64
>
> cyrus-sasl-ldap-2.1.26-23.el7.x86_64 >>>
> ( Description : The cyrus-sasl-ldap package contains the Cyrus SASL plugin
> which supports using
> : a directory server, accessed using LDAP, for storing shared
> secrets.
> )
On a Fedora 31 system I see:
cyrus-sasl-ldap.x86_64 : LDAP auxprop support for Cyrus SASL
Name : cyrus-sasl-ldap
Version : 2.1.27
Release : 3.fc31
Architecture : x86_64
Size : 20 k
Source : cyrus-sasl-2.1.27-3.fc31.src.rpm
Repository : updates
Summary : LDAP auxprop support for Cyrus SASL
URL : https://www.cyrusimap.org/sasl/
License : BSD with advertising
Description : The cyrus-sasl-ldap package contains the Cyrus SASL plugin
which supports using
: a directory server, accessed using LDAP, for storing shared
secrets.
So, yes that looks like the right one. But...[
> - have added 'postfix' user to the ' saslauthd ' group .
That's likely unnecessary. I think you're trying to use LDAP directly
from the SASL library, not saslauthd.
> When I run : ps -ef | grep saslauthd
>
> /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
> /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
> /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
> /usr/sbin/saslauthd -m /run/saslauthd -a ldap -r
I don't see how that's relevant, if Postfix were to use saslauthd, it
would not be directly loading the LDAP plugin. You need to decide
between saslauthd and direct use of the plugin.
> Some blogs suggest moving the ' /run/saslauthd ' file to under '
> /var/spool/postfix '
Don't pay attention to bad advice. Once they start suggesting ad-hoc
restructuring of your filesystem, make a mental note they're incompetent
and move on.
> Suggested steps :
>
> rm -r /var/run/saslauthd/
> mkdir -p /var/spool/postfix/var/run/saslauthd
> ln -s /var/spool/postfix/var/run/saslauthd /var/run
> chgrp sasl /var/spool/postfix/var/run/saslauthd
> adduser postfix sasl
>
> I am not sure if I have to do this .
Your scepticism is healthy.
> My permissions under
>
> # ll /run/saslauthd
> srwxrwxrwx. 1 root root 0 Apr 26 06:54 mux
> -rw-------. 1 root root 0 Apr 26 06:54 mux.accept
> -rw-------. 1 root root 6 Apr 26 06:54 saslauthd.pid
But you have "pwcheck_method: auxprop", which is not saslauthd,
so saslauthd is irrelevant.
> postfix/submission/smtpd[94812]: _sasl_plugin_load failed on
> sasl_auxprop_plug_init for plugin: ldapdb
> postfix/submission/smtpd[94812]: _sasl_plugin_load failed on
> sasl_canonuser_init for plugin: ldapdb
Perhaps you sasl library directory is not set correctly. Do you have a
custom setting of "cyrus_sasl_config_path"? Did you ever post full
"postconf -nf" and "postconf -Mf" output.
On Fedora systems, the SASL plugins are generally in: /usr/lib64/sasl2
with configuration files in: /etc/sasl2
What are the permissions on these? What are the library dependencies of
your /usr/libexec/postfix/smtpd llbrary (from "ldd")?
What are the library dependencies of the SASL ldap plugin?
> could you suggest if I have to move : ' /run/saslauthd ' file to under '
> /var/spool/postfix ' for postfix to load the plugin .
Nothing of the sort is necessary or wise.
--
Viktor.
