-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin Fahrendorf wrote: > Am Donnerstag, 26. Juni 2003 11:14 schrieb Buchan Milne:
> > why are you using this crude saslauthd? There is a patch from Howard Chu (I > think) which adds a sasl ldap auxprop to sasl. So you can direcly auth > against ldap. No need to go the way over another server. The ldapdb auxprop > is part of the ldap 2.1.1* version of ldap. > OK, I have now added the ldapdb plugin from openldap-2.1.22 to cyrus-sasl2: http://ranger.dnsalias.com/mandrake/cooker/cyrus-sasl2-2.1.13-2mdk.src.rpm But I am not sure if I have it configured right (in fact I suspect I don't). Not knowing too much about SASL myself, can you summarise what is needed? At present I have: - -added a sasl-regexp to my slapd.conf on my ldap server - -put the following in my /usr/lib/sasl2/smtpd.conf: pwcheck_method: ldapdb ldapdb_uri: ldapi://bgmilne.cae.co.za ldapdb_mech: EXTERNAL (I can't add a local slave to the box that I am testing postfix on at present, so bgmilne.cae.co.za is really the ldap server on my cooker box which I added the sasl-regexp to) - -put the smtpd_sasl stuff into my main.cf Now, I get the following in the postfix logs: Jul 1 21:55:38 hermes postfix/smtpd[11673]: warning: SASL authentication failure: no secret in database Jul 1 21:55:38 hermes postfix/smtpd[11673]: warning: bgmilne.cae.co.za[146.232.174.36]: SASL CRAM-MD5 authentication failed Jul 1 21:55:39 hermes postfix/smtpd[11673]: warning: SASL authentication problem: unknown password verifier Jul 1 21:55:39 hermes postfix/smtpd[11673]: warning: SASL authentication failure: Password verification failed Jul 1 21:55:39 hermes postfix/smtpd[11673]: warning: bgmilne.cae.co.za[146.232.174.36]: SASL PLAIN authentication failed Jul 1 21:55:40 hermes postfix/smtpd[11673]: warning: SASL authentication problem: unknown password verifier Jul 1 21:55:40 hermes postfix/smtpd[11673]: warning: bgmilne.cae.co.za[146.232.174.36]: SASL LOGIN authentication failed I bumped up the log level on my slapd, and get no queries coming through when postfix tries authenticating. I guess I should have started off with a working configuration before updating so many packages ... but maybe I will try that at home ... OK, I tried with "pwcheck_method: pam", and it doesn't work either ... time to go home ... BTW, I really think sasl has about the worst documentation of any of the server-side software ... Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/AemgrJK6UGDSBKcRAsLXAKCyhXYPTkSxbFz9tx+iQK2vFKWbxwCfQsL0 laesZi1mS9Z1su5MTWDNsV0= =JdxV -----END PGP SIGNATURE----- ****************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. ******************************************************************
