On 12/10/2020 13:02, natan wrote:
> Hi
> I have all users in openldap. In openldap I have password crypt+base64
>
> after decoding base64 :
> {CRYPT}$1$AvMW4io/$DDq..................
>
> In postfix auth via saslauthd:
>
> cat /etc/saslauthd.conf
> ....
> ldap_auth_method: custom
> ldap_filter:
> (&(objectClass=qMailUser)(|(mail=%u%R)(mailAlternateAddress=%u%R)))
> ....
>
> cat /etc/sasl2/smtpd.conf
> ....
> pwcheck_method: saslauthd
> saslauthd_path: /run/saslauthd/mux
> mech_list: plain login
> log_level: 1
> ...
>
> all works fine
>
> I must migrate all from openldap to mysql 1:1 ant I have a questions:
>
> What I must use "type auth" in mysqldb if i have use this same rekord in
> "password" ?
>
> i thinking:
> |user |
> password |
> |exam...@domain.com | {CRYPT}$1$AvMW4io/$DDq .... |
>
> maby:
> |user |
> password |
> |exam...@domain.com | $1$AvMW4io/$DDq .... |
>
> or other ?
>
> I cannot change password - I must moved all from openldap to mysql
>
> --
>
Natan
If you want to continue using saslauthd you will need further
configuration to point it at mysql (for example pam_mysql) which has
it's own set of configuration parameters for indicating the password
format. I can't tell you whether in that case you need to prefix the
passwords with the encryption type, but I guess not since there's a
parameter for selecting it.
You could also evaluate replacing saslauthd, which is an extra daemon
that needs to be running and use the auxprop sasl method with sql
plugin. In this case you'll need to put the encryption mechanism prefix,
for example {MD5-CRYPT}$1$AvMW4io/$DDq if those are indeed MD5 crypts as
I suspect.
John
