Re: Zeroing in on SASL-LDAP problem

From: Eric N. Valor (no email)
Date: Sun Aug 01 2004 - 03:51:27 EDT


On Sat, 2004-07-31 at 22:58, Andreas Winkelmann wrote:
> On Sunday, 1 August 2004 05:20, Eric N. Valor wrote:
>
> > I have recompiled SASL-2.1.19. "testsaslauthd" works fine. However,
> > when trying to use SASL to authenticate an incoming SMTP session against
> > my LDAP server, I find (using strace) this:
> >
> > read(10, "AUTH PLAIN <password redacted>\r"..., 4096) = 33
> > open("/etc/sasldb", O_RDONLY) = -1 ENOENT (No such file or directory)
> > time([1091330254]) = 1091330254
> > getpid() = 20179
> >
> > I compiled SASL to NOT use sasldb, specifically to use LDAP. I then
> > recompiled postfix against the newly-compiled SASL.
> >
> > /etc/postfix/sasl/smtpd.conf is thus:
>
> Debian has a special-version of Postfix. One of the differences is the Path
> where the Cyrus-SASL Library looks for smtpd.conf. If you "recompile" a
> Postfix on Debian, I would guess you are using a vanilla-Postfix Version. And
> then it uses the default Cyrus-SASL Path to look for its smtpd.conf. This is
> normally /usr/lib/sasl2.

You are correct that the problem was related to Debian packages. I had
installed the LDAP libraries via .deb packages. The SASL .deb packages
were also installed. Postfix kept insisting on looking at the old SASL
libraries (despite being told about the SASL2 libraries in configure).

I've removed the .deb LDAP and SASL libraries, built OpenLDAP from
source (to get LDAP libraries), recompiled and installed SASL2, and
recompiled and installed a fresh Postfix.

Everything is happy except now I'm getting "warning:
/usr/libexec/postfix/smtpd: bad command startup" upon connection to port
25. I have no idea what I'm passing to smtpd.

master.cf:
smtp inet n - n - - smtpd -o
smtpd_sasl_auth_enable=yes

> > pwcheck_method: saslauthd
>
> This is ok.
>
> > saslauthd_uri: ldap://XXX.XXX.XXX.XXX
> > saslauthd_mech: ldap
>
> This is wrong, or better senseless. The authmech, which saslauthd uses is
> given as startup-argument ("saslauthd -a ldap"). The URI is defined in the
> configuration-file, normally saslauthd.conf somewhere in /etc.

Thanks. I thought this was rather redundant. But I'm finding that the
SASL documentation (especially for LDAP) is.... well... rather..
"lacking". I have yet to find a complete listing of smtpd.conf options
and/or an explanation of what is appropriate when.

> > saslauthd_path: /var/state/saslauthd/mux
>
> Be careful, this is the socket the Library uses to connect to saslauthd. If
> you change it here, don't forget to tell saslauthd that you want to change it
> ("saslauthd ... -m /var/state/saslauthd").

Is this even necessary in smtpd.conf then? My saslauthd defaults to
/var/state/saslauthd.

> > mech_list: PLAIN LOGIN
>
> Ok.

Thank you again.

-- 
Eric N. Valor
PGP Key 2048/1024 227B04CB
Key Fingerprint = 766C CA15 0FFF E54B 2FEE  C7D7 0F87 3AFB 227B 04CB
: This Space Intentionally Left Blank :
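
An added example, not part of the original message and not code from Cyrus SASL or Postfix: a small Python check for the two points raised in the quoted reply, namely that `saslauthd_mech` and `saslauthd_uri` do not belong in smtpd.conf, and that `saslauthd_path` must point at the `mux` socket inside the directory given to `saslauthd -m`. The function names and the sample saslauthd command lines are assumptions made for illustration.

```python
import shlex

# Keys the reply in this thread says do not belong in smtpd.conf.
MISPLACED = {
    "saslauthd_mech": "mechanism is chosen with 'saslauthd -a ldap', not in smtpd.conf",
    "saslauthd_uri": "the LDAP URI belongs in saslauthd's own file (saslauthd.conf)",
}

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)   # split once: values may contain ':'
        conf[key.strip()] = value.strip()
    return conf

def saslauthd_opts(cmdline):
    """Return the -a (mechanism) and -m (socket directory) arguments."""
    argv = shlex.split(cmdline)
    return {a: argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("-a", "-m")}

def check(conf_text, cmdline):
    """Return a list of findings for smtpd.conf against a saslauthd command line."""
    conf, opts = parse_conf(conf_text), saslauthd_opts(cmdline)
    findings = [f"{k}: {why}" for k, why in MISPLACED.items() if k in conf]
    if conf.get("pwcheck_method") == "saslauthd" and "-a" not in opts:
        findings.append("saslauthd started without -a <mechanism>")
    path, mux_dir = conf.get("saslauthd_path"), opts.get("-m")
    if path and mux_dir and path != mux_dir.rstrip("/") + "/mux":
        findings.append(f"saslauthd_path {path} does not match -m {mux_dir}")
    elif path and not mux_dir:
        findings.append("saslauthd_path set but no -m given; confirm saslauthd's default")
    return findings

# Constructed sample input, modelled on the configuration quoted in the thread.
SAMPLE_CONF = """\
pwcheck_method: saslauthd
saslauthd_uri: ldap://XXX.XXX.XXX.XXX
saslauthd_mech: ldap
saslauthd_path: /var/state/saslauthd/mux
mech_list: PLAIN LOGIN
"""

if __name__ == "__main__":
    # The -m directory here is a constructed mismatch to show the path check.
    for finding in check(SAMPLE_CONF, "saslauthd -a ldap -m /var/run/saslauthd"):
        print(finding)
```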
