Postfix, SASL and LDAPDB: no worthy mech found

Howard Chu hyc at
Thu May 20 12:03:43 EDT 2010

Dan White wrote:
> On 20/05/10 16:59 +0200, Dieter Kluenter wrote:
>> Julien Vehent <julien at> writes:
>>> Hello Cyrus folks,
>>> I'm trying to make postfix query slapd through ldapdb/sasl (without
>>> saslauthd).
>>> My system runs on Debian squeeze.
>>> I have configured postfix's sasl/smtpd.conf as follows and can see TCP
>>> connections going to slapd.
>>> ----
>>> pwcheck_method: auxprop
>>> auxprop_plugin: ldapdb
>>> mech_list: DIGEST-MD5 PLAIN LOGIN
>>> ldapdb_uri: ldap://localhost
>>> ldapdb_id: postfix
>> ^^^^^^^^^^^^^^^^^^^^^
>> this has to be a DN.
> I don't believe that is correct. ldapdb should work with any sasl identity,
> either explicitly specified or derived via GSSAPI or EXTERNAL.

Dieter is wrong. ldapdb_id uses SASL IDs, as plainly documented in the 
options.html docs. SASL Binds don't use DNs.

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP
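
The point made in this reply, shown as configuration in an added example that is not part of the original thread: `ldapdb_id` stays a plain SASL authentication ID, and slapd is what turns the resulting SASL identity into a DN. The `dc=example,dc=com` suffix, the `ou=services` / `ou=people` layout and the password placeholder are assumptions.

```conf
# --- postfix's sasl/smtpd.conf (Cyrus SASL side) ---------------------
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: DIGEST-MD5 PLAIN LOGIN
ldapdb_uri: ldap://localhost
# SASL authentication ID of the proxy user, NOT a DN
ldapdb_id: postfix
# Placeholder; use the proxy user's real secret and keep this file
# readable only by the account Postfix runs under
ldapdb_pw: REPLACE_WITH_PROXY_PASSWORD
# Mechanism the plugin uses for its own SASL bind to slapd
ldapdb_mech: DIGEST-MD5

# --- slapd.conf (OpenLDAP side) --------------------------------------
# A DIGEST-MD5 bind as "postfix" arrives as the SASL identity
#   uid=postfix,cn=digest-md5,cn=auth
# (with a realm: uid=postfix,cn=<realm>,cn=digest-md5,cn=auth).
# authz-regexp maps that identity to a real entry; rules are tried in order.
authz-regexp
    uid=postfix,cn=digest-md5,cn=auth
    uid=postfix,ou=services,dc=example,dc=com
authz-regexp
    uid=([^,]+),cn=digest-md5,cn=auth
    uid=$1,ou=people,dc=example,dc=com

# Honour the authzTo attribute on the proxy user's entry
authz-policy to

# --- LDIF for the proxy user's entry (assumed DIT layout) ------------
# DIGEST-MD5 needs a cleartext userPassword stored on this entry.
# authzTo restricts which identities the proxy may act as: only
# direct children of ou=people, not every entry in the directory.
dn: uid=postfix,ou=services,dc=example,dc=com
objectClass: account
objectClass: simpleSecurityObject
uid: postfix
userPassword: REPLACE_WITH_PROXY_PASSWORD
authzTo: dn.regex:^uid=[^,]+,ou=people,dc=example,dc=com$
```

Keeping the `authzTo` pattern narrow matters: the proxy identity can act as any entry the pattern matches, so it should not cover administrative DNs.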

