Re: Postfix 2.0.16 CRAM/DIGEST-MD5 SMTP AUTH

[Tony Earnshaw <tonni@billy.demon.nl>]

Howard Chu wrote:

> No..... The regexp is fine, your "admin" user doesn't have proxy
> authorization privileges.
>
> Try using ldapwhoami, you'll see that your setup (without the regexp $1) is
> now incorrect.
>   ldapwhoami  -ZZ -Y digest-md5 -U admin -X u:tonni -H ldap:///

Hmmm ... that admin proxy is one of two I've used since day one of 
Openldap, just about. He works for everything - pam_ldap, Exim, SASL 
2.1.13, name it.

with:

sasl-regexp uid=(.*),cn=.*,cn=auth 
"ldap:///dc=billy,dc=demon,dc=nl??sub?uid=admin";

SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: u:tonni
SASL SSF: 128
SASL installing layers
dn:cn=admin,dc=billy,dc=demon,dc=nl

with:

sasl-regexp uid=(.*),cn=.*,cn=auth 
"ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1";

SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Insufficient access (50)
	additional info: SASL(-14): authorization failure: not authorized

> > And Howard's ldapdb auxprop 1.9 still doesn't work, get the
> > same fault.
>
> The ldapdb auxprop requires proxy authorization privileges, as it states in
> the README file.

I'll recompile the old one today and come back afterward.  It's 
important for Postfix that there is ldap-based MD5 AUTH with standard 
(???!) - i.e. not 2.1.13 patched auxprop SASL libs, since these don't 
seem to work on RH 9.0 for some reason.

Thanks for stepping in!

--Tonni

--
Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl