From: Victor Duchovni (no email)
Date: Mon May 24 2010 - 14:04:45 EDT
On Mon, May 24, 2010 at 07:30:56PM +0200, Julien Vehent wrote:
> Final solution provided by the Openldap mailing list:
> > Just change your authz-regexp line to
> > authz-regexp "^uid=([^,]+).*,cn=[^,]*,cn=auth$"
> > "ldap:///dc=linuxwall,dc=info??sub?(|(uid=$1)(mail=$1))"
> And the authentication works.
> I think it's worth a line in the sasl howto to explain that postfix will
> use the email value to authenticate the user, and therefore the authz-regex
> should take it into account...
This looks wrong. As Patrick points out you are likely confusing
authentication realms (user at realm principals) with email addresses.
DON'T. Rather configure Postfix with an empty or other correct setting
of the realm that will work correctly without matching user at mail again
-- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.