Re: Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH

[Tony Earnshaw <tonni@billy.demon.nl>]

Igor Brezac wrote:

> You cannot use cram-md5, it does not support proxy authorization.  Use
> PLAIN or DIGEST-MD5.

O.k. digest-md5, then. I distrust plain, even with STARTTLS.

> You can make this one regex
>
> sasl-regexp uid=(.*),cn=.*,cn=auth
>   "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1";

Done.

> make sure the follwing works:
>
> ldapsearch  -ZZ -Y digest-md5 -U admin -X u:tonni -H ldap:/// -w
> adminpassword 'objectclass=*' dn

Hmmm ... it doesn't. cram-md5 does, but you've already told me that it's 
not what I'm looking for.

SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Insufficient access (50)
	additional info: SASL(-14): authorization failure: not authorized

I wonder why. You've already got me reading the relevant bits of 
ldapsearch and slapd.conf, so that I now understand better what's going 
on and why.

I shall have to keep on reading. Thanks, Igor. I'll come back if I can't 
work it out for myself. Maybe tomorrow.

--Tonni

--
Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl