Hello Cyrus folks,

I'm trying to make postfix query slapd through ldapdb/sasl (without
saslauthd).
My system runs on Debian squeeze.

I have configured postfix's sasl/smtpd.conf as follows and can see TCP
connections going to slapd.

----
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: DIGEST-MD5 PLAIN LOGIN
ldapdb_uri: ldap://localhost
ldapdb_id: postfix
ldapdb_pw: zzzzZZZZzzzzzz
ldapdb_mech: DIGEST-MD5
----

note: postfix is a proxy user properly configured and tested.

I have installed postfix, postfix-ldap and the following sasl related
packages:

----
# dpkg -l "*sasl*"|grep -v none

||/ Name                              Version         
+++-=================================-================
ii  libsasl2-2                        2.1.23.dfsg1-5  
ii  libsasl2-modules                  2.1.23.dfsg1-5  
ii  libsasl2-modules-ldap             2.1.23.dfsg1-5  
ii  sasl2-bin                         2.1.23.dfsg1-5  
----

But, whatever I do, when I try to authenticate in SMTP using 'auth plain',
I get the following error in auth.log:

----
May 20 11:45:48 samchiel postfix/smtpd[30561]: No worthy mechs found
----

And slapd just sees a connection that unbinds right away.

----
May 20 11:45:48 samchiel slapd[1431]: conn=57 fd=17 ACCEPT from IP=127.0.0.1:60613 (IP=127.0.0.1:389)
May 20 11:45:48 samchiel slapd[1431]: conn=57 op=0 UNBIND
May 20 11:45:48 samchiel slapd[1431]: conn=57 fd=17 closed
----

Why can't smtpd find any worthy mechanism when trying to authenticate to
LDAP using the SASL library?

I have already configured this for cyrus-imap ON THE SAME MACHINE
(everything is on the same system, slapd, cyrus and postfix), and,
obviously, it works just fine. The logs are attached, for information.


Can you guys please help me figure out what I did wrong?

Julien

# nc localhost 143

* OK samchiel Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
. login julien xxxXXXXxxxxXXXX
. OK User logged in
. logout
* BYE LOGOUT received
. OK Completed


# tail /var/log/mail.info

May 20 11:38:10 samchiel cyrus/imap[30478]: login: localhost [127.0.0.1] julien plaintext User logged in


# tail /var/log/auth.log

May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 3


# grep "11:38:10" /var/log/slapd.log |grep conn

May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 ACCEPT from IP=127.0.0.1:50793 (IP=127.0.0.1:389)
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND authcid="cyrus" authzid="cyrus"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="cn=cyrus administrator,ou=infrastructure,dc=linuxwall,dc=info" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 RESULT tag=97 err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 EXT oid=1.3.6.1.4.1.4203.1.11.3
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 WHOAMI
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 RESULT oid= err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH base="cn=julien vehent,ou=people,dc=linuxwall,dc=info" scope=0 deref=0 filter="(objectClass=*)"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH attr=userPassword cmusaslsecretPLAIN
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=4 UNBIND
May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 closed
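
The two slapd traces in the message above can be compared mechanically. The following is an added example, not part of the original post: it groups slapd log lines by connection and reports which connections closed without ever sending a BIND. The function names and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: lines taken from the two traces in the post (conn=57 from
# the postfix attempt, conn=53 from the cyrus login), mail-wrapped lines
# rejoined and the RESULT/EXT/WHOAMI lines left out for brevity.
SAMPLE_LOG = '''
May 20 11:45:48 samchiel slapd[1431]: conn=57 fd=17 ACCEPT from IP=127.0.0.1:60613 (IP=127.0.0.1:389)
May 20 11:45:48 samchiel slapd[1431]: conn=57 op=0 UNBIND
May 20 11:45:48 samchiel slapd[1431]: conn=57 fd=17 closed
May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 ACCEPT from IP=127.0.0.1:50793 (IP=127.0.0.1:389)
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND authcid="cyrus" authzid="cyrus"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="cn=cyrus administrator,ou=infrastructure,dc=linuxwall,dc=info" mech=DIGEST-MD5 sasl_ssf=128 ssf=128
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH attr=userPassword cmusaslsecretPLAIN
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=4 UNBIND
'''

CONN_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) (?:fd|op)=\d+ (.*)')
MECH_RE = re.compile(r'\bmech=(\S+)')
AUTHCID_RE = re.compile(r'authcid="([^"]*)"')
DN_RE = re.compile(r'dn="([^"]*)"')

def summarize(log_text):
    """Return {conn_id: summary} describing what each LDAP connection did."""
    conns = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # not a per-connection slapd line
        c = conns.setdefault(int(m.group(1)), {
            "bind": False, "mech": None, "authcid": None,
            "proxy_dn": None, "attrs": []})
        event = m.group(2)
        if event.startswith("BIND "):
            c["bind"] = True
            for key, pat in (("mech", MECH_RE), ("authcid", AUTHCID_RE)):
                found = pat.search(event)
                if found:
                    c[key] = found.group(1)
        elif event.startswith("PROXYAUTHZ "):
            found = DN_RE.search(event)
            c["proxy_dn"] = found.group(1) if found else None
        elif event.startswith("SRCH attr="):
            c["attrs"] = event[len("SRCH attr="):].split()
    return conns

def closed_without_bind(conns):
    """Connection ids where the client never sent a BIND request."""
    return sorted(cid for cid, c in conns.items() if not c["bind"])
```

Run over a full slapd.log, `closed_without_bind(summarize(text))` lists the connections that look like conn=57, where the client disconnected before any SASL bind reached the server.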
