
Re: ldapdb and postfix



OK... I've trimmed down the logs to a single authentication session. These are the relevant parts AFAIKS.

I'm using ldapdb.c,v 1.5.2.3 2003/12/01 with the following diffs between the version I'm using and the distribution version:

285c285
< int ldapdb_auxprop_plug_init(const sasl_utils_t *utils,
---
static int ldapdb_auxprop_plug_init(const sasl_utils_t *utils,
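Review bot: in the 285c285 change, the local copy drops `static` from ldapdb_auxprop_plug_init with no comment saying why its linkage differs from the distribution version. Add a short comment on that line naming the loader error it works around, and check the exact symbol in that error: the name quoted in the message (ldap-auxprop-plug-init) is not this function's name, so exporting it may not be what the loader was missing.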
344a345
SASL_AUXPROP_PLUG_INIT( ldapdb )
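Review bot: at 344a345 the local copy has no SASL_AUXPROP_PLUG_INIT( ldapdb ) line, so the plugin's init entry now depends on the separately patched makeinit.sh, which this diff does not show. Post that makeinit.sh change together with this one, or keep the macro line in ldapdb.c, so the file still builds into a loadable plugin without the out-of-tree script change.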

I've had to remove 'static' so that slapd doesn't segfault with an error referring to unresolved symbol ldap-auxprop-plug-init. I have patched the makeinit.sh script so the SASL_AUXPROP_PLUG_INIT line is not needed in ldapdb.c. In addition, the cyrus-sasl source has patches from the OpenBSD ports tree to allow it to build shared libs.


I have set the password to cleartext using "userPassword: {CLEARTEXT}password"

/var/log/authlog
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: No worthy mechs found

/var/log/maillog
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: connect from unknown[172.16.2.61]
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 220 mail2.cutlerco.com.au ESMTP Postfix
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: watchdog_pat: 0x3c028548
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: < unknown[172.16.2.61]: EHLO [203.61.88.252]
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250-mail2.cutlerco.com.au
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250-PIPELINING
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250-SIZE 10240000
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250-VRFY
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250-ETRN
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: match_list_match: unknown: no match
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: match_list_match: 172.16.2.61: no match
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 250 8BITMIME
Jun 25 15:13:51 mail2 postfix/smtpd[3411]: watchdog_pat: 0x3c028548
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: < unknown[172.16.2.61]: auth CRAM-MD5
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: smtpd_sasl_authenticate: sasl_method CRAM-MD5
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: smtpd_sasl_authenticate: uncoded challenge: <1608008827.14398672@mail2.cutlerco.com.au>
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 334 xxxx==
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: < unknown[172.16.2.61]: xxxxxxx=
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: smtpd_sasl_authenticate: decoded response: pj xxxxx
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: warning: SASL authentication failure: no secret in database
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: warning: unknown[172.16.2.61]: SASL CRAM-MD5 authentication failed
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: > unknown[172.16.2.61]: 535 Error: authentication failed
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: watchdog_pat: 0x3c028548


/var/log/slapd
Jun 25 15:13:52 mail2 slapd[27665]: daemon: activity on 1 descriptors
Jun 25 15:13:52 mail2 slapd[27665]: daemon: new connection on 18
Jun 25 15:13:52 mail2 slapd[27665]: conn=45 fd=18 ACCEPT from IP=127.0.0.1:48511 (IP=127.0.0.1:389)
Jun 25 15:13:52 mail2 slapd[27665]: daemon: added 18r
Jun 25 15:13:52 mail2 slapd[27665]: daemon: activity on:
Jun 25 15:13:52 mail2 slapd[27665]: Jun 25 15:13:52 mail2 slapd[27665]: daemon: select: listen=8 active_threads=0 tvp=NULL
Jun 25 15:13:52 mail2 slapd[27665]: daemon: activity on 1 descriptors
Jun 25 15:13:52 mail2 slapd[27665]: daemon: activity on:
Jun 25 15:13:52 mail2 slapd[27665]: 18r
Jun 25 15:13:52 mail2 slapd[27665]: Jun 25 15:13:52 mail2 slapd[27665]: daemon: read activity on 18
Jun 25 15:13:52 mail2 slapd[27665]: connection_get(18)
Jun 25 15:13:52 mail2 slapd[27665]: connection_get(18): got connid=45
Jun 25 15:13:52 mail2 slapd[27665]: connection_read(18): checking for input on id=45
Jun 25 15:13:52 mail2 slapd[27665]: ber_get_next on fd 18 failed errno=35 (Resource temporarily unavailable)
Jun 25 15:13:52 mail2 slapd[27665]: do_unbind
Jun 25 15:13:52 mail2 slapd[27665]: conn=45 op=0 UNBIND
Jun 25 15:13:52 mail2 slapd[27665]: connection_closing: readying conn=45 sd=18 for close
Jun 25 15:13:52 mail2 slapd[27665]: connection_resched: attempting closing conn=45 sd=18
Jun 25 15:13:52 mail2 slapd[27665]: connection_close: conn=45 sd=18
Jun 25 15:13:52 mail2 slapd[27665]: daemon: removing 18
Jun 25 15:13:52 mail2 slapd[27665]: conn=45 fd=18 closed
Jun 25 15:13:52 mail2 slapd[27665]: daemon: select: listen=8 active_threads=0 tvp=NULL
Jun 25 15:13:52 mail2 slapd[27665]: daemon: activity on 1 descriptors
Jun 25 15:13:52 mail2 slapd[27665]: daemon: select: listen=8 active_threads=0 tvp=NULL
Jun 25 15:13:52 mail2 slapd[27665]: daemon: activity on 1 descriptors
Jun 25 15:13:52 mail2 slapd[27665]: daemon: activity on:
Jun 25 15:13:52 mail2 slapd[27665]: 15r
Jun 25 15:13:52 mail2 slapd[27665]: Jun 25 15:13:52 mail2 slapd[27665]: daemon: read activity on 15
Jun 25 15:13:52 mail2 slapd[27665]: connection_get(15)
Jun 25 15:13:52 mail2 slapd[27665]: connection_get(15): got connid=41
Jun 25 15:13:52 mail2 slapd[27665]: connection_read(15): checking for input on id=41
Jun 25 15:13:52 mail2 slapd[27665]: ber_get_next on fd 15 failed errno=35 (Resource temporarily unavailable)



/usr/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: ldapdb
ldapdb_uri: ldap://127.0.0.1/
ldapdb_id: ldapadmin
ldapdb_pw: xxxxxxx
ldapdb_mech: DIGEST-MD5


cheers

Paul

At 1:03 AM -0400 24/6/04, Igor Brezac wrote:
There should be some messages in authlog.

ldapdb works well with both 2.1.30 and 2.2.x.

As already suggested, run openldap in debug mode and see what is
going on.  You can also share your ldapdb config file.  What version of
ldapdb plugin are you using?
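
Added example, not part of the original messages and not code from Postfix, Cyrus SASL or OpenLDAP: a Python correlator that pairs each "SASL authentication failure" line in maillog with same-second slapd connections from the ldapdb_uri address and reports whether a BIND was ever logged on them. The sample lines are copied from the logs above; the function names and the plugin_peer parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the maillog and slapd excerpts in the post.
MAILLOG = """\
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: warning: SASL authentication failure: no secret in database
Jun 25 15:13:52 mail2 postfix/smtpd[3411]: warning: unknown[172.16.2.61]: SASL CRAM-MD5 authentication failed
"""
SLAPD = """\
Jun 25 15:13:52 mail2 slapd[27665]: conn=45 fd=18 ACCEPT from IP=127.0.0.1:48511 (IP=127.0.0.1:389)
Jun 25 15:13:52 mail2 slapd[27665]: ber_get_next on fd 18 failed errno=35 (Resource temporarily unavailable)
Jun 25 15:13:52 mail2 slapd[27665]: conn=45 op=0 UNBIND
Jun 25 15:13:52 mail2 slapd[27665]: conn=45 fd=18 closed
"""

STAMP = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
SASL_FAIL = re.compile(STAMP + r"postfix/smtpd\[(?P<pid>\d+)\]: warning: "
                               r"SASL authentication failure: (?P<why>.+)")
ACCEPT = re.compile(STAMP + r"slapd\[\d+\]: conn=(?P<conn>\d+) fd=\d+ "
                            r"ACCEPT from IP=(?P<peer>[\d.]+):\d+")
OP = re.compile(STAMP + r"slapd\[\d+\]: conn=(?P<conn>\d+) op=\d+ (?P<verb>[A-Z]+)")


def slapd_connections(text):
    """Map conn id -> {'ts', 'peer', 'verbs'} from slapd stats lines."""
    conns = defaultdict(lambda: {"ts": None, "peer": None, "verbs": []})
    for line in text.splitlines():
        if m := ACCEPT.match(line):
            conns[m["conn"]].update(ts=m["ts"], peer=m["peer"])
        elif m := OP.match(line):
            conns[m["conn"]]["verbs"].append(m["verb"])
    return dict(conns)


def correlate(maillog, slapd, plugin_peer="127.0.0.1"):
    """Pair SASL failures with same-second slapd connections from plugin_peer
    (hypothetical parameter: the address the auxprop plugin connects from)."""
    conns = slapd_connections(slapd)
    findings = []
    for line in maillog.splitlines():
        if not (m := SASL_FAIL.match(line)):
            continue
        for cid, c in conns.items():
            if c["ts"] == m["ts"] and c["peer"] == plugin_peer:
                findings.append({"smtpd_pid": m["pid"], "reason": m["why"], "conn": cid,
                                 "bound": "BIND" in c["verbs"], "verbs": c["verbs"]})
    return findings


if __name__ == "__main__":
    print(correlate(MAILLOG, SLAPD))
```

On the lines above it reports conn=45 with "bound" false: the only operation logged on that connection is the UNBIND at op=0.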