Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH
postfix-2.0.16-20030921 linked against Cyrus SASL
Cyrus SASL 2.1.15
Openldap 2.1.22 linked against Cyrus SASL
ldapdb auxprop 1.9
Aim: Openldap-based CRAM/DIGEST smtp AUTH using 100% Openldap/Cyrus SASL
stuff.
Problem: Can't authenticate with ldapdb auxprop 1.9, *can* authenticate
with the ldapdb auxprop ldapdb.c in the contrib directory of the
Openldap 2.1.22 source tarball. But, the advice was to use the latest
CVS code for the ldapdb auxprop, which also includes the starttls code
(thanks, Howard :).
Anyone any idea why?
--Tonni
________________________________________________________________________
/usr/lib/sasl2/smtpd.conf:
ldapdb_uri: ldap://
ldapdb_id: admin
ldapdb_pw: adminpassword
ldapdb_starttls: demand
ldapdb_mech: cram-md5
Tail -f /var/log/slapd.log (relevant lines):
Oct 9 15:36:42 billy slapd[28787]: conn=2 fd=21 ACCEPT from IP=127.0.0.1:40661 (IP=0.0.0.0:389)
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=1 BIND dn="" method=163
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND dn="" method=163
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND authcid="admin"
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=3 RESULT tag=120 err=47 text=not authorized to assume identity
Oct 9 15:36:42 billy slapd[28792]: do_extended: get_ctrls failed
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=4 UNBIND
/usr/local/etc/openldap/slapd.conf:
sasl-regexp uid=(.*),cn=cram-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1"
sasl-regexp uid=(.*),cn=digest-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1"

ldapsearch -ZZ -Y cram-md5 -U admin -H ldap:/// -w adminpassword 'uid=tonni'

Tail -f /var/log/slapd.log (relevant lines):
Oct 9 15:52:40 billy slapd[28899]: conn=5 fd=13 ACCEPT from IP=127.0.0.1:40677 (IP=0.0.0.0:389)
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=1 BIND dn="" method=163
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND dn="" method=163
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND authcid="admin"
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=3 SRCH base="dc=billy,dc=demon,dc=nl" scope=2 filter="(uid=tonni)"
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=4 UNBIND
--Tonni
--
Tony Earnshaw
Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it
http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl
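
Added example, not part of the original post: a small Python triage script that rejoins mail-wrapped slapd.log lines like the ones quoted above and reports, per connection, the bound DN, SASL mechanism, ssf and any non-zero result codes. The function names unwrap() and summarize() are hypothetical, and the syslog layout is assumed to match the excerpts in the post.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the two slapd.log excerpts in the post
# (conn=2 fails, conn=5 succeeds), keeping the mail-wrapped continuation lines.
SAMPLE_LOG = """\
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND authcid="admin"
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND
dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=3 RESULT tag=120 err=47
text=not authorized to assume identity
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND
dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d ")       # syslog timestamp
ENTRY = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")   # per-operation line

def unwrap(text):
    """A line without a syslog timestamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Map conn id -> bind identity plus a list of (op, err, text) failures."""
    conns = defaultdict(lambda: {"authcid": None, "dn": None, "mech": None,
                                 "ssf": None, "failures": []})
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue  # e.g. "do_extended: get_ctrls failed" carries no conn/op
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        info = conns[conn]
        if rest.startswith("BIND"):
            for key in ("authcid", "dn", "mech", "ssf"):
                field = re.search(r"\b" + key + r'=("[^"]*"|\S+)', rest)
                if field:
                    info[key] = field.group(1).strip('"')
        err = re.search(r"\berr=(\d+)", rest)
        if err and err.group(1) != "0":
            msg = re.search(r"text=(.*)$", rest)
            info["failures"].append((op, int(err.group(1)), msg.group(1).strip() if msg else ""))
    return dict(conns)
```

Calling summarize() on a live log makes it easy to line up a failing connection against a working one that bound as the same DN with the same mechanism, as the two excerpts in the post do.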