
Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH



postfix-2.0.16-20030921 linked against Cyrus SASL
Cyrus SASL 2.1.15
Openldap 2.1.22 linked against Cyrus SASL
ldapdb auxprop 1.9

Aim: Openldap-based CRAM/DIGEST smtp AUTH using 100% Openldap/Cyrus SASL stuff.

Problem: Can't authenticate with ldapdb auxprop 1.9, *can* authenticate with the ldapdb auxprop ldapdb.c in the contrib directory of the Openldap 2.1.22 source tarball. But, the advice was to use the latest CVS code for the ldapdb auxprop, which also includes the starttls code (thanks, Howard :).

Anyone any idea why?

--Tonni
________________________________________________________________________

/usr/lib/sasl2/smtpd.conf:

ldapdb_uri: ldap://
ldapdb_id: admin
ldapdb_pw: adminpassword
ldapdb_starttls: demand
ldapdb_mech: cram-md5

Tail -f /var/log/slapd.log (relevant lines):

Oct 9 15:36:42 billy slapd[28787]: conn=2 fd=21 ACCEPT from IP=127.0.0.1:40661 (IP=0.0.0.0:389)
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=1 BIND dn="" method=163
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND dn="" method=163
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND authcid="admin"
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=3 RESULT tag=120 err=47 text=not authorized to assume identity
Oct 9 15:36:42 billy slapd[28792]: do_extended: get_ctrls failed
Oct 9 15:36:42 billy slapd[28792]: conn=2 op=4 UNBIND


/usr/local/etc/openldap/slapd.conf:

sasl-regexp uid=(.*),cn=cram-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1";
sasl-regexp uid=(.*),cn=digest-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1";


ldapsearch -ZZ -Y cram-md5 -U admin -H ldap:/// -w adminpassword 'uid=tonni'

Tail -f /var/log/slapd.log (relevant lines):

Oct 9 15:52:40 billy slapd[28899]: conn=5 fd=13 ACCEPT from IP=127.0.0.1:40677 (IP=0.0.0.0:389)
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=1 BIND dn="" method=163
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND dn="" method=163
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND authcid="admin"
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=3 SRCH base="dc=billy,dc=demon,dc=nl" scope=2 filter="(uid=tonni)"
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 9 15:52:40 billy slapd[28905]: conn=5 op=4 UNBIND


--Tonni

--
Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl