
Re: Proxy authorization fail with cyrus-sasl and postfix



> Julien Vehent <julien@linuxwall.info> writes:
>
>> Hello list,
>>
>> I am trying to authenticate my mail users against my ldap directory
>> (slapd 2.4.17, debian squeeze). I have set up proxy authorization for
>> user postfix as follows:
>>
>> in slapd.conf
>> ----
>> # SASL proxy authorization rewrite rule
>> authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$"
>>               "ldap:///dc=linuxwall,dc=info??sub?(uid=$1)"
>
> This regexp requires a uid attribute type.
>>
>> authz-policy to
>> ----
>>
>> ldif of user postfix
>> ----
>> dn: cn=Postfix Administrator,ou=infrastructure,dc=linuxwall,dc=info
>> authzto: ldap:///dc=linuxwall,dc=info??sub?(objectClass=inetOrgPerson)
>> cn: Postfix Administrator
>> [...]
>
> unless you cut it, cn=Postfix Administrator has no uid attribute type,

This *should* have nothing to do with it, since binding as the Postfix
administrator succeeds, according to the logging he produced.  What's
failing is the subsequent proxyauthz'ing (presumably as a user, but the
original posting did not produce enough info).

p.
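
An added example, not part of the thread: a simplified model of how the quoted `authz-regexp` rule rewrites a SASL authentication DN into an LDAP search URL, and which entries that search can select. The sample entries, the `digest-md5` mechanism component and the function names are constructed for illustration; this is not slapd's code and it handles only a single equality filter with subtree scope.

```python
import re

# authz-regexp rule quoted in the thread (match pattern, replacement URL)
AUTHZ_MATCH = r"^uid=([^,]+).*,cn=[^,]*,cn=auth$"
AUTHZ_REPLACE = "ldap:///dc=linuxwall,dc=info??sub?(uid=$1)"

# Constructed sample entries (not from the thread): DN -> attributes
ENTRIES = {
    "uid=alice,ou=people,dc=linuxwall,dc=info": {"uid": ["alice"], "cn": ["Alice"]},
    "cn=Service Account,ou=infrastructure,dc=linuxwall,dc=info": {"cn": ["Service Account"]},
    "uid=alice,ou=other,dc=example,dc=org": {"uid": ["alice"]},
}

def rewrite(sasl_dn):
    """Apply the rule to a SASL authentication DN; None if the pattern does not match."""
    m = re.match(AUTHZ_MATCH, sasl_dn, re.IGNORECASE)
    if not m:
        return None
    return AUTHZ_REPLACE.replace("$1", m.group(1))

def parse_url(url):
    """Split ldap:///base?attrs?scope?filter into (base, scope, attr, value).
    Only a single equality filter such as (uid=x) is handled."""
    base, _attrs, scope, flt = url[len("ldap:///"):].split("?")
    attr, value = flt.strip("()").split("=", 1)
    return base, scope, attr, value

def resolve(sasl_dn):
    """Return the DNs the rewritten URL selects among ENTRIES (subtree scope only)."""
    url = rewrite(sasl_dn)
    if url is None:
        return []
    base, scope, attr, value = parse_url(url)
    assert scope == "sub"
    hits = []
    for dn, attrs in ENTRIES.items():
        in_subtree = dn.lower() == base.lower() or dn.lower().endswith("," + base.lower())
        values = [v.lower() for v in attrs.get(attr, [])]
        if in_subtree and value.lower() in values:
            hits.append(dn)
    return hits

if __name__ == "__main__":
    for user in ("alice", "service account"):
        dn = f"uid={user},cn=digest-md5,cn=auth"
        print(dn, "->", rewrite(dn), "->", resolve(dn))
```

The mapping resolves to an entry only when exactly one DN comes back; an entry that carries no `uid` value is never selected by this rule, whatever its `cn`.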