[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH
Howard Chu wrote:
No..... The regexp is fine, your "admin" user doesn't have proxy
authorization privileges.
Try using ldapwhoami, you'll see that your setup (without the regexp $1) is
now incorrect.
ldapwhoami -ZZ -Y digest-md5 -U admin -X u:tonni -H ldap:///
Hmmm ... that admin proxy is one of two I've used since day one of
Openldap, just about. He works for everything - pam_ldap, Exim, SASL
2.1.13, name it.
with:
sasl-regexp uid=(.*),cn=.*,cn=auth
"ldap:///dc=billy,dc=demon,dc=nl??sub?uid=admin"
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:tonni
SASL SSF: 128
SASL installing layers
dn:cn=admin,dc=billy,dc=demon,dc=nl
with:
sasl-regexp uid=(.*),cn=.*,cn=auth
"ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1"
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Insufficient access (50)
additional info: SASL(-14): authorization failure: not authorized
And Howard's ldapdb auxprop 1.9 still doesn't work, get the
same fault.
The ldapdb auxprop requires proxy authorization privileges, as it states in
the README file.
I'll recompile the old one today and come back afterward. It's
important for Postfix that there is ldap-based MD5 AUTH with standard
(???!) - i.e. not 2.1.13 patched auxprop SASL libs, since these don't
seem to work on RH 9.0 for some reason.
Thanks for stepping in!
--Tonni
--
Tony Earnshaw
Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it
http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl