
Re: sasl issue - but I don't want sasl atm



On Thu, 2009-04-02 at 12:55 +0200, Michael Ströder wrote:
> Da Rock wrote:
> > On Thu, 2009-04-02 at 09:59 +0200, Buchan Milne wrote:
> >> On Wednesday 01 April 2009 10:44:56 Da Rock wrote:
> >>> On Wed, 2009-04-01 at 01:48 +0200, Michael Ströder wrote:
> >>>> Da Rock wrote:
> >>>>> so I'm trying to
> >>>>> work out how to setup the system to do a simple bind
> >>>> ldapsearch -x -D <bind-DN>
> >>> I know that, thanks, but this is affecting other apps from obtaining
> >>> data from the system. I can also just go ldapsearch -x for anonymous. It
> >>> appears I'm all in or bust! Unless I can set it up so apps can do simple
> >>> bind...
> >> If you can do a simple bind (anonymous, or authenticated), there (in most 
> >> cases) is nothing preventing other applications from doing simple binds. 
> >> Having SASL support compiled in to the server does not prevent other 
> >> applications from doing simple binds.
> >>
> >> Maybe you should provide more information about the applications in question, 
> >> and how they are configured.
> >>
> >> (Note: In the past Apple's LDAP client software for Mac OS seems to use 
> >> whichever SASL mechanisms are advertised by the LDAP server, but this again 
> >> isn't about SASL support being compiled in or not).
> > 
> > That's what I would have figured, yet I get no joy, nothing I can see out
> > of the ordinary in the logs, and all the apps are auth types (courier,
> > pam, postfix)- plus records for bind.
> > 
> > Bind doesn't bind to the ldap, and I'm trying to setup the others to do
> > the same. Obviously, courier has to bind to confirm auth- but only as
> > the user (not bind as courier, then again as the user).
> > 
> > Bind works: tested that myself. The others fail miserably.
> > 
> > I'm not entirely sure what else I need to add exactly, the platform is
> > freebsd with openldap built with sasl from ports.
> > 
> > Before anyone suggests it, I already have a mail server running
> > (postfix, courier); I want ldap as lookup source to ease administration.
> > The pam is completely new to me, I'm following a lot of howtos on the
> > web to compile a picture of how it all works.
> > 
> > Now as to pam, I thought it must be my ineptitude in configuration, so I
> > put it on hold and moved to something easier. Unfortunately I hit a
> > similar snag there with the imap auth, hence I looked at the ldapsearch
> > angle. Seems I could be wrong there based on comments received....
> 
> Sorry, nothing in your postings gives enough information to help you.
> 
> Posting *relevant* excerpts of configuration and log files and some more
> information about the client applications is quite helpful.

Sorry I'm being a PITA, but I'm really not sure what I can/need to post.

Postfix/courier simply connect and request information based on filters.
Binding is only necessary (apparently) to authenticate a user (Courier).
The filter looks for (usually) the mailbox name/alias and whether the
account is active, the physical maildir, etc.

Logs don't appear to be showing much- nothing I can tell anyway.

The problem is mainly to do with auth. Perhaps the best idea is to point
me to some reputable and reliable sources of information on how to do
this? I'll try and struggle along on my own until I have some
firmer evidence.

Thanks for your help so far.