[Date Prev][Date Next] [Chronological] [Thread] [Top]

Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH

To: openldap-software@OpenLDAP.org
Subject: Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: Thu, 09 Oct 2003 16:10:48 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624

postfix-2.0.16-20030921 linked against Cyrus SASL
Cyrus SASL 2.1.15
Openldap 2.1.22 linked against Cyrus SASL
ldapdb auxprop 1.9

Aim: Openldap-based CRAM/DIGEST smtp AUTH using 100% Openldap/Cyrus SASL stuff.

Problem: Can't authenticate with ldapdb auxprop 1.9, *can* authenticate with the ldapdb auxprop ldapdb.c in the contrib directory of the Openldap 2.1.22 source tarball. But, the advice was to use the latest CVS code for the ldapdb auxprop, which also includes the starttls code (thanks, Howard :).

Anyone any idea why?

--Tonni
________________________________________________________________________

/usr/lib/sasl2/smtpd.conf:

ldapdb_uri: ldap://
ldapdb_id: admin
ldapdb_pw: adminpassword
ldapdb_starttls: demand
ldapdb_mech: cram-md5

Tail -f /var/log/slapd.log (relevant lines):

Oct 9 15:36:42 billy slapd[28787]: conn=2 fd=21 ACCEPT from IP=127.0.0.1:40661 (IP=0.0.0.0:389) Oct 9 15:36:42 billy slapd[28792]: conn=2 op=1 BIND dn="" method=163 Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND dn="" method=163 Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND authcid="admin" Oct 9 15:36:42 billy slapd[28792]: conn=2 op=2 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0 Oct 9 15:36:42 billy slapd[28792]: conn=2 op=3 RESULT tag=120 err=47 text=not authorized to assume identity Oct 9 15:36:42 billy slapd[28792]: do_extended: get_ctrls failed Oct 9 15:36:42 billy slapd[28792]: conn=2 op=4 UNBIND

/usr/local/etc/openldap/slapd.conf:

sasl-regexp uid=(.*),cn=cram-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1"; sasl-regexp uid=(.*),cn=digest-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1";

ldapsearch -ZZ -Y cram-md5 -U admin -H ldap:/// -w adminpassword 'uid=tonni'

Tail -f /var/log/slapd.log (relevant lines):

Oct 9 15:52:40 billy slapd[28899]: conn=5 fd=13 ACCEPT from IP=127.0.0.1:40677 (IP=0.0.0.0:389) Oct 9 15:52:40 billy slapd[28905]: conn=5 op=1 BIND dn="" method=163 Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND dn="" method=163 Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND authcid="admin" Oct 9 15:52:40 billy slapd[28905]: conn=5 op=2 BIND dn="cn=admin,dc=billy,dc=demon,dc=nl" mech=CRAM-MD5 ssf=0 Oct 9 15:52:40 billy slapd[28905]: conn=5 op=3 SRCH base="dc=billy,dc=demon,dc=nl" scope=2 filter="(uid=tonni)" Oct 9 15:52:40 billy slapd[28905]: conn=5 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 9 15:52:40 billy slapd[28905]: conn=5 op=4 UNBIND

--Tonni

--
Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl

Follow-Ups:
- Re: Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH
  - From: Igor Brezac <igor@ipass.net>

Prev by Date: RE: Trying to get the ldapdb plugin working.
Next by Date: Re: Managing documents
Index(es):
- Chronological
- Thread