Postfix, SASL/SASL2 and LDAP

Simon Matter simon.matter at ch.sauter-bc.com
Sun Sep 28 07:18:57 EDT 2003 

Hi Diego,

I ran into the same problem several times because I simply couldn't
believe this limitation exists. I always thought it was a mistake on my
side.

I'm using OpenLDAP, Cyrus-sasl, Cyrus-IMAPd and Postfix. I'm using RedHat
so I'm also using OpenLDAP 2.0.x! This results in the following
limitation:
- If I use Postfix with LDAP, I build it with support for LDAP and SASL1.
- If I use Postfix with SMTP-AUTH, I build it with SASL2 and TLS, NO LDAP.

I hope this will not be needed anymore when OpenLDAP 2.1.x becomes the
standard in newer distributions.

Simon

> Hello all
>
> First - for reference, I run Mandrake 9.1 PowerPack.
>
> I have a rather complex problem:  turns out I recompiled postfix to use
> SASL2 so I could use saslauthd (the 1.5 SASL libs that come with
> Mandrake 9.1 don't seem to like saslauthd - can't recall if they ever
> worked with it or not).
>
> Now the can of worms shows itself: when NOT using LDAP (via nss_ldap),
> Postfix works fine and authenticates beautifully.  When LDAP is thrown
> into the mix (at ANY level) Postfix goes insane with segfaults.
>
> Upon further checking it seems libldap uses libsasl7, but NOT libsasl2
> (the one that Postfix uses).  I tried recompiling LDAP to use libsasl2
> (OpenLDAP 2.0.27), but no luck - won't work with it.
>
> I haven't tried the OpenLDAP 2.1.X branch yet and I don't mean to just
> yet, cuz it would mean I'd have to maintain it for security updates.
> But it is an option.  I don't even know if that branch uses SASL2 or
> what.
>
> So my problem is that both versions of SASL libraries are getting mixed
> up.   I'm no genius, but I KNOW this tends to be a problem in general.
>
> My question is: am I totally screwed?  Will I be forced to go to
> OpenLDAP 2.1.X and recompile EVERYTHING that touches LDAP (especially
> hoping that 2.1.X is backward-compatible with 2.0.X)?
>
> HELP!!!
>
> Best wishes,
>
> Diego
> --
> ==========================================================* Diego Rivera
>                                          *
> *                                                         *
> * "The Disease: Windows, the cure: Linux"                 *
> *                                                         *
> * E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                  *
> * Replace: <AT>='@', <DOT>='.'                            *
> *                                                         *
> * GPG: BE59 5469 C696 C80D FF5C  5926 0B36 F8FF DA98 62AD *
> * GPG Public Key avaliable at: http://pgp.mit.edu         *
> ==========================================================


-- 
Simon Matter              Tel:  +41 61 695 57 35
Fr.Sauter AG / CIT        Fax:  +41 61 695 53 30
Im Surinam 55
CH-4016 Basel             [mailto:simon.matter at ch.sauter-bc.com]

More information about the Info-cyrus mailing list