Postfix, SASL and LDAPDB: no worthy mech found
Julien Vehent
julien at linuxwall.info
Thu May 20 09:40:46 EDT 2010
Hello Cyrus folks,
I'm trying to make postfix query slapd through ldapdb/sasl (without
saslauthd).
My systems runs on debian squeeze.
I have configured postfix's sasl/smtpd.conf as follow and can see TCP
connections going to slapd.
----
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: DIGEST-MD5 PLAIN LOGIN
ldapdb_uri: ldap://localhost
ldapdb_id: postfix
ldapdb_pw: zzzzZZZZzzzzzz
ldapdb_mech: DIGEST-MD5
----
note: postfix is a proxy user properly configured and tested.
I have installed postfix, postfix-ldap and the following sasl related
packages:
----
# dpkg -l "*sasl*"|grep -v none
||/ Name Version
+++-=================================-================
ii libsasl2-2 2.1.23.dfsg1-5
ii libsasl2-modules 2.1.23.dfsg1-5
ii libsasl2-modules-ldap 2.1.23.dfsg1-5
ii sasl2-bin 2.1.23.dfsg1-5
----
But, whatever I do, when I try to authenticate in SMTP using 'auth plain',
I get the following error in auth.log:
----
May 20 11:45:48 samchiel postfix/smtpd[30561]: No worthy mechs found
----
And slapd just sees a connection that unbinds right away.
----
May 20 11:45:48 samchiel slapd[1431]: conn=57 fd=17 ACCEPT from
IP=127.0.0.1:60613 (IP=127.0.0.1:389)
May 20 11:45:48 samchiel slapd[1431]: conn=57 op=0 UNBIND
May 20 11:45:48 samchiel slapd[1431]: conn=57 fd=17 closed
----
Why can't smtpd find any worthy mechanism when trying to authenticate to
LDAP using the SASL library ?
I have already configured this for cyrus-imap ON THE SAME MACHINE
(everything is on the same system, slapd, cyrus and postfix), and,
obviously, it works just fine. The logs are attached, for information.
Can you guys please help me figure out what I did wrong ?
Julien
-------------- next part --------------
# nc localhost 143
* OK samchiel Cyrus IMAP4 v2.2.13-Debian-2.2.13-19 server ready
. login julien xxxXXXXxxxxXXXX
. OK User logged in
. logout
* BYE LOGOUT received
. OK Completed
# tail /var/log/mail.info
May 20 11:38:10 samchiel cyrus/imap[30478]: login: localhost [127.0.0.1] julien plaintext User logged in
# tail /var/log/auth.log
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 2
May 20 11:38:10 samchiel cyrus/imap[30478]: DIGEST-MD5 client step 3
# grep "11:38:10" /var/log/slapd.log |grep conn
May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 ACCEPT from IP=127.0.0.1:50793 (IP=127.0.0.1:389)
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="" method=163
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND authcid="cyrus" authzid="cyrus"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 BIND dn="cn=cyrus administrator,ou=infrastructure,dc=linuxwall,dc=info" mech=DI
GEST-MD5 sasl_ssf=128 ssf=128
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=1 RESULT tag=97 err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 EXT oid=1.3.6.1.4.1.4203.1.11.3
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 WHOAMI
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=2 RESULT oid= err=0 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 PROXYAUTHZ dn="cn=julien vehent,ou=people,dc=linuxwall,dc=info"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH base="cn=julien vehent,ou=people,dc=linuxwall,dc=info" scope=0 deref=0 fil
ter="(objectClass=*)"
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SRCH attr=userPassword cmusaslsecretPLAIN
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 11:38:10 samchiel slapd[1431]: conn=53 op=4 UNBIND
May 20 11:38:10 samchiel slapd[1431]: conn=53 fd=17 closed
More information about the Cyrus-sasl
mailing list