Postfix, SASL and LDAPDB: no worthy mech found
Julien Vehent
julien at linuxwall.info
Fri May 21 07:15:42 EDT 2010
On Thu, 20 May 2010 18:48:33 +0200, Julien Vehent <julien at linuxwall.info>
wrote:
> I removed the chroot and I see DIGEST-MD5 negociation. It still doesn't
> work but that already a great progression ! Thanks a lot.
>
Well, apparently, I'm not done with this yet...
I copied the content of /usr/lib/sasl2 into /var/run/postfix/usr/lib/sasl2
and I can now authenticate in DIGEST-MD5 with user postfix on the ldap
directory.
The logs of slapd (and the network dump) are confirming this, postfix
negociates the DIGEST-MD5 and is authenticated.
However, The authentication of my user still doesn't work. Postfix is
telling me :
----
May 21 12:56:44 samchiel postfix/smtpd[11862]: warning: SASL
authentication failure: Password verification failed
May 21 12:56:44 samchiel postfix/smtpd[11862]: warning:
localhost[127.0.0.1]: SASL plain authentication failed: authentication
failure
May 21 12:56:44 samchiel postfix/smtpd[11862]: > localhost[127.0.0.1]: 535
5.7.8 Error: authentication failed: authentication failure
----
And Slapd has this weird message:
----
May 21 12:56:44 samchiel slapd[1431]: conn=79 op=2 RESULT tag=120 err=123
text=not authorized to assume identity
----
While the proxy authorization is properly configured in the directory:
----
# ldapwhoami -Y DIGEST-MD5 -U postfix -H ldap://localhost -R
linuxwall.info -X u:julien
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:julien
SASL SSF: 128
SASL data security layer installed.
dn:cn=julien vehent,ou=people,dc=linuxwall,dc=info
----
note: I also tried to un-chroot all processes, just in case, but the
result is the same.
I re-read the Postfix SASL howto and I'm quite confinced that my
configuration is fine (but once again, you're never a 100% sure).
Any idea ?
Julien
More information about the Cyrus-sasl
mailing list