
Re: Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH



Howard Chu wrote:

No..... The regexp is fine, your "admin" user doesn't have proxy
authorization privileges.

Try using ldapwhoami, you'll see that your setup (without the regexp $1) is
now incorrect.
  ldapwhoami  -ZZ -Y digest-md5 -U admin -X u:tonni -H ldap:///

Hmmm ... that admin proxy is one of two I've used since day one of OpenLDAP, just about. He works for everything - pam_ldap, Exim, SASL 2.1.13, name it.


with:

sasl-regexp uid=(.*),cn=.*,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=admin";

SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:tonni
SASL SSF: 128
SASL installing layers
dn:cn=admin,dc=billy,dc=demon,dc=nl

with:

sasl-regexp uid=(.*),cn=.*,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1";

SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Insufficient access (50)
	additional info: SASL(-14): authorization failure: not authorized

And Howard's ldapdb auxprop 1.9 still doesn't work, get the
same fault.

The ldapdb auxprop requires proxy authorization privileges, as it states in the README file.

I'll recompile the old one today and come back afterward. It's important for Postfix that there is ldap-based MD5 AUTH with standard (???!) - i.e. not 2.1.13 patched auxprop SASL libs, since these don't seem to work on RH 9.0 for some reason.


Thanks for stepping in!

--Tonni

--
Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl
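
Added example (not part of the original message, and not OpenLDAP code): a simplified Python model of how the two sasl-regexp rules quoted above map `-U admin` and `-X u:tonni`. It shows why the fixed `uid=admin` rule ends at the admin DN, while the `$1` rule yields two different DNs and so depends on proxy authorization. The DN for tonni, the helper names and the DN comparison step are assumptions of the model.

```python
import re

# Constructed mini-directory: uid -> entry DN. The admin DN is the one printed
# by ldapwhoami in the message; the DN for tonni is a made-up placeholder.
DIRECTORY = {
    "admin": "cn=admin,dc=billy,dc=demon,dc=nl",
    "tonni": "uid=tonni,ou=people,dc=billy,dc=demon,dc=nl",  # constructed
}
PATTERN = r"uid=(.*),cn=.*,cn=auth"
RULE_FIXED = "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=admin"
RULE_DOLLAR1 = "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1"


def sasl_dn(user, mech="digest-md5"):
    """DN form a SASL user name takes before sasl-regexp is applied."""
    return f"uid={user},cn={mech},cn=auth"


def rewrite(dn, pattern, replacement):
    """Model of sasl-regexp: on a match, emit the replacement with $n filled in."""
    m = re.search(pattern, dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def resolve(user, replacement):
    """Map a SASL user to a directory DN through the rewritten search URL."""
    url = rewrite(sasl_dn(user), PATTERN, replacement)
    if url is None:
        return None
    # ldap:///<base>?<attrs>?<scope>?<filter>
    base, _attrs, _scope, filt = url[len("ldap:///"):].split("?")
    _attr, _, value = filt.partition("=")
    dn = DIRECTORY.get(value)
    return dn if dn and dn.endswith(base) else None


def bind(authcid, authzid, replacement):
    """Return (authentication DN, authorization DN, proxy authz needed?)."""
    authc = resolve(authcid, replacement)
    authz = resolve(authzid, replacement)
    # Assumption of this model: identical DNs need no proxy privilege.
    return authc, authz, authc != authz


if __name__ == "__main__":
    for name, rule in (("fixed uid=admin", RULE_FIXED), ("uid=$1", RULE_DOLLAR1)):
        print(name, bind("admin", "tonni", rule))
```

With the fixed rule every SASL identity, including the requested `u:tonni`, collapses onto the admin entry, so the bind succeeds without ever exercising proxy authorization.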