Postfix, SASL and LDAPDB: no worthy mech found
hyc at highlandsun.com
Thu May 20 12:03:43 EDT 2010
Dan White wrote:
> On 20/05/10 16:59 +0200, Dieter Kluenter wrote:
>> Julien Vehent<julien at linuxwall.info> writes:
>>> Hello Cyrus folks,
>>> I'm trying to make postfix query slapd through ldapdb/sasl (without
>>> My systems runs on debian squeeze.
>>> I have configured postfix's sasl/smtpd.conf as follow and can see TCP
>>> connections going to slapd.
>>> pwcheck_method: auxprop
>>> auxprop_plugin: ldapdb
>>> mech_list: DIGEST-MD5 PLAIN LOGIN
>>> ldapdb_uri: ldap://localhost
>>> ldapdb_id: postfix
>> this has to be a DN.
> I don't believe that is correct. ldapdb should work with any sasl identity,
> either explicitly specified or derived via GSSAPI or EXTERNAL.
Dieter is wrong. ldapdb_id uses SASL IDs, as plainly documented in the
options.html docs. SASL Binds don't use DNs.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the Cyrus-sasl